{"openvas": [{"lastseen": "2019-05-29T18:36:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-9090", "CVE-2015-3291", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-5697", "CVE-2015-0239", "CVE-2015-3636", "CVE-2015-1333", "CVE-2015-0275", "CVE-2015-3290", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-08-13T00:00:00", "id": "OPENVAS:1361412562310869857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869857", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-12917", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-12917\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869857\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-13 06:35:44 +0200 (Thu, 13 Aug 2015)\");\n script_cve_id(\"CVE-2015-5697\", \"CVE-2015-3290\", \"CVE-2015-3291\", \"CVE-2015-1333\",\n \"CVE-2015-1420\", \"CVE-2015-3636\", \"CVE-2015-3339\", \"CVE-2015-2150\",\n \"CVE-2015-2666\", \"CVE-2014-8159\", \"CVE-2015-2042\", \"CVE-2015-1421\",\n \"CVE-2015-0275\", \"CVE-2015-1593\", \"CVE-2015-0239\", \"CVE-2014-9585\",\n \"CVE-2014-9529\", \"CVE-2014-9419\", \"CVE-2014-9428\", \"CVE-2014-8989\",\n \"CVE-2014-8559\", \"CVE-2014-8133\", \"CVE-2014-8134\", \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-12917\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-12917\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.1.4~100.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-9090", "CVE-2015-3291", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-5697", "CVE-2015-0239", "CVE-2015-3636", "CVE-2015-1333", "CVE-2015-0275", "CVE-2015-3290", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-08-20T00:00:00", "id": "OPENVAS:1361412562310869889", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869889", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-13391", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-13391\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869889\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:43:17 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2015-5697\", \"CVE-2015-3290\", \"CVE-2015-3291\", \"CVE-2015-1333\",\n \"CVE-2015-1420\", \"CVE-2015-3636\", \"CVE-2015-3339\", \"CVE-2015-2150\",\n \"CVE-2015-2666\", \"CVE-2014-8159\", \"CVE-2015-2042\", \"CVE-2015-1421\",\n \"CVE-2015-0275\", \"CVE-2015-1593\", \"CVE-2015-0239\", \"CVE-2014-9585\",\n \"CVE-2014-9529\", \"CVE-2014-9419\", \"CVE-2014-9428\", \"CVE-2014-8989\",\n \"CVE-2014-8559\", \"CVE-2014-8133\", \"CVE-2014-8134\", \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-13391\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-13391\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.1.5~100.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1593", "CVE-2014-9090", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2015-3636", "CVE-2015-0275", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869369", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-9127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-9127\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869369\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:42:19 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3636\", \"CVE-2015-3339\", \"CVE-2015-2150\", \"CVE-2015-2666\",\n \"CVE-2014-8159\", \"CVE-2015-2042\", \"CVE-2015-1421\", \"CVE-2015-0275\",\n \"CVE-2015-1593\", \"CVE-2015-0239\", \"CVE-2014-9585\", \"CVE-2014-9529\",\n \"CVE-2014-9419\", \"CVE-2014-9428\", \"CVE-2014-8989\", \"CVE-2014-8559\",\n \"CVE-2014-8133\", \"CVE-2014-8134\", \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-9127\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9127\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159317.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.0.4~202.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1593", "CVE-2014-9090", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2015-3636", "CVE-2015-0275", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310869374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869374", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-7736", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-7736\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869374\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 10:43:39 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3636\", \"CVE-2015-3339\", \"CVE-2015-2150\", \"CVE-2015-2666\",\n \"CVE-2014-8159\", \"CVE-2015-2042\", \"CVE-2015-1421\", \"CVE-2015-0275\",\n \"CVE-2015-1593\", \"CVE-2015-0239\", \"CVE-2014-9585\", \"CVE-2014-9529\",\n \"CVE-2014-9419\", \"CVE-2014-9428\", \"CVE-2014-8989\", \"CVE-2014-8559\",\n \"CVE-2014-8133\", \"CVE-2014-8134\", \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-7736\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-7736\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.19.7~200.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4692", "CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-9090", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2015-3636", "CVE-2015-0275", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-01T00:00:00", "id": "OPENVAS:1361412562310869476", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869476", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-10678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-10678\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869476\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-01 06:26:35 +0200 (Wed, 01 Jul 2015)\");\n script_cve_id(\"CVE-2015-1420\", \"CVE-2015-3636\", \"CVE-2015-3339\", \"CVE-2015-2150\",\n \"CVE-2015-2666\", \"CVE-2014-8159\", \"CVE-2015-2042\", \"CVE-2015-1421\",\n \"CVE-2015-0275\", \"CVE-2015-1593\", \"CVE-2015-0239\", \"CVE-2014-9585\",\n \"CVE-2014-9529\", \"CVE-2014-9419\", \"CVE-2014-9428\", \"CVE-2014-8989\",\n \"CVE-2014-8559\", \"CVE-2014-8133\", \"CVE-2014-8134\", \"CVE-2014-9090\",\n \"CVE-2015-4692\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-10678\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-10678\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/161144.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.0.6~200.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1420", "CVE-2015-1593", "CVE-2014-9090", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2015-3636", "CVE-2015-0275", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-21T00:00:00", "id": "OPENVAS:1361412562310869459", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869459", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-9704", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-9704\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869459\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-21 05:55:37 +0200 (Sun, 21 Jun 2015)\");\n script_cve_id(\"CVE-2015-1420\", \"CVE-2015-3636\", \"CVE-2015-3339\", \"CVE-2015-2150\", \"CVE-2015-2666\", \"CVE-2014-8159\", \"CVE-2015-2042\", \"CVE-2015-1421\", \"CVE-2015-0275\", \"CVE-2015-1593\", \"CVE-2015-0239\", \"CVE-2014-9585\", \"CVE-2014-9529\", \"CVE-2014-9419\", \"CVE-2014-9428\", \"CVE-2014-8989\", \"CVE-2014-8559\", \"CVE-2014-8133\", \"CVE-2014-8134\", \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-9704\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9704\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160328.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.0.5~200.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1593", "CVE-2014-9090", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-30T00:00:00", "id": "OPENVAS:1361412562310869136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869136", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-4457", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-4457\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869136\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-30 07:00:09 +0200 (Mon, 30 Mar 2015)\");\n script_cve_id(\"CVE-2015-2666\", \"CVE-2014-8159\", \"CVE-2015-2150\", \"CVE-2015-2042\",\n \"CVE-2015-1421\", \"CVE-2015-0275\", \"CVE-2015-1593\", \"CVE-2015-0239\",\n \"CVE-2014-9585\", \"CVE-2014-9529\", \"CVE-2014-9419\", \"CVE-2014-9428\",\n \"CVE-2014-8989\", \"CVE-2014-8559\", \"CVE-2014-8133\", \"CVE-2014-8134\",\n \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-4457\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-4457\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.19.2~201.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1593", "CVE-2014-9090", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-21T00:00:00", "id": "OPENVAS:1361412562310869115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869115", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-4059", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-4059\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869115\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-21 07:16:42 +0100 (Sat, 21 Mar 2015)\");\n script_cve_id(\"CVE-2014-8159\", \"CVE-2015-2150\", \"CVE-2015-2042\", \"CVE-2015-1421\",\n \"CVE-2015-0275\", \"CVE-2015-1593\", \"CVE-2015-0239\", \"CVE-2014-9585\",\n \"CVE-2014-9529\", \"CVE-2014-9419\", \"CVE-2014-9428\", \"CVE-2014-8989\",\n \"CVE-2014-8559\", \"CVE-2014-8133\", \"CVE-2014-8134\", \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-4059\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-4059\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152492.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.19.1~201.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1593", "CVE-2014-9090", "CVE-2015-2922", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2014-8559", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-23T00:00:00", "id": "OPENVAS:1361412562310869284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869284", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-6320", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-6320\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869284\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-23 07:30:38 +0200 (Thu, 23 Apr 2015)\");\n script_cve_id(\"CVE-2015-2150\", \"CVE-2015-2666\", \"CVE-2014-8159\", \"CVE-2015-2042\",\n \"CVE-2015-1421\", \"CVE-2015-0275\", \"CVE-2015-1593\", \"CVE-2015-0239\",\n \"CVE-2014-9585\", \"CVE-2014-9529\", \"CVE-2014-9419\", \"CVE-2014-9428\",\n \"CVE-2014-8989\", \"CVE-2014-8559\", \"CVE-2014-8133\", \"CVE-2014-8134\",\n \"CVE-2014-9090\", \"CVE-2015-2922\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-6320\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6320\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.19.4~200.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2015-1593", "CVE-2014-9090", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0239", "CVE-2015-0275", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-10T00:00:00", "id": "OPENVAS:1361412562310869077", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869077", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2015-3011", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2015-3011\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869077\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-10 06:32:36 +0100 (Tue, 10 Mar 2015)\");\n script_cve_id(\"CVE-2015-1421\", \"CVE-2015-0275\", \"CVE-2015-1593\", \"CVE-2015-0239\",\n \"CVE-2014-9585\", \"CVE-2014-9529\", \"CVE-2014-9419\", \"CVE-2014-9428\",\n \"CVE-2014-8989\", \"CVE-2014-8559\", \"CVE-2014-8133\", \"CVE-2014-8134\",\n \"CVE-2014-9090\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2015-3011\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-3011\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151096.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.18.8~201.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1333", "CVE-2015-1420", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150", "CVE-2015-2666", "CVE-2015-3290", "CVE-2015-3291", "CVE-2015-3339", "CVE-2015-3636", "CVE-2015-5697"], "description": "The kernel meta package ", "modified": "2015-08-12T07:05:31", "published": "2015-08-12T07:05:31", "id": "FEDORA:60B8C60918D5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-4.1.4-100.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150", "CVE-2015-2666", "CVE-2015-3339", "CVE-2015-3636"], "description": "The kernel meta package ", "modified": "2015-05-12T20:41:10", "published": "2015-05-12T20:41:10", "id": "FEDORA:D0CC960762B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.19.7-200.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150", "CVE-2015-2666", "CVE-2015-3339", "CVE-2015-3636"], "description": "The kernel meta package ", "modified": "2015-06-01T17:07:06", "published": "2015-06-01T17:07:06", "id": "FEDORA:0777460874C8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-4.0.4-202.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1420", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150", "CVE-2015-2666", "CVE-2015-3339", "CVE-2015-3636", "CVE-2015-4692"], "description": "The kernel meta package ", "modified": "2015-06-30T20:12:56", "published": "2015-06-30T20:12:56", "id": "FEDORA:CE3236087E07", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-4.0.6-200.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1420", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150", "CVE-2015-2666", "CVE-2015-3339", "CVE-2015-3636"], "description": "The kernel meta package ", "modified": "2015-06-20T23:59:29", "published": "2015-06-20T23:59:29", "id": "FEDORA:51EB2601616F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-4.0.5-200.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150", "CVE-2015-2666"], "description": "The kernel meta package ", "modified": "2015-03-29T04:31:39", "published": "2015-03-29T04:31:39", "id": "FEDORA:92F5160877B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.19.2-201.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150"], "description": "The kernel meta package ", "modified": "2015-03-21T05:01:11", "published": "2015-03-21T05:01:11", "id": "FEDORA:1661D600FD84", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.19.1-201.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2042", "CVE-2015-2150", "CVE-2015-2666", "CVE-2015-2922"], "description": "The kernel meta package ", "modified": "2015-04-22T22:54:38", "published": "2015-04-22T22:54:38", "id": "FEDORA:B9C4760130DC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.19.4-200.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585", "CVE-2015-0239", "CVE-2015-0275", "CVE-2015-1421", "CVE-2015-1593"], "description": "The kernel meta package ", "modified": "2015-03-09T08:17:35", "published": "2015-03-09T08:17:35", "id": "FEDORA:E1CE2605E17A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.18.8-201.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9585"], "description": "The kernel meta package ", "modified": "2015-01-26T02:31:22", "published": "2015-01-26T02:31:22", "id": "FEDORA:4F15F6087C54", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: kernel-3.18.3-201.fc21", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2020-04-06T22:39:40", "bulletinFamily": "software", "cvelist": ["CVE-2014-8559", "CVE-2015-3212", "CVE-2015-1333", "CVE-2015-0275", "CVE-2015-4700"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-04-08T21:00:00", "published": "2019-04-08T21:00:00", "id": "F5:K05211147", "href": "https://support.f5.com/csp/article/K05211147", "title": "Kernel vulnerabilities CVE-2014-8559, CVE-2015-0275, CVE-2015-1333, CVE-2015-3212, and CVE-2015-4700", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-06-08T00:16:12", "bulletinFamily": "software", "cvelist": ["CVE-2014-9419"], "edition": 1, "description": "\nF5 Product Development has assigned ID 530413 (BIG-IP), ID 530553 (BIG-IQ), ID 530554 (Enterprise Manager), ID 520651 (FirePass), ID 461496 (ARX), and INSTALLER-1299 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| 12.0.0 \n| Low | Linux kernel \n \nBIG-IP AAM | 11.4.0 - 11.6.0* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP AFM | 11.3.0 - 11.6.0* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP Analytics | 11.0.0 - 11.6.0* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP APM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP ASM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP DNS \n| None \n| 12.0.0 \n| Not vulnerable | None \nBIG-IP Edge Gateway \n| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nBIG-IP GTM | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nBIG-IP Link Controller | 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP PEM | 11.3.0 - 11.6.0* \n| 12.0.0 \n| Low | Linux kernel \nBIG-IP PSM | 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nBIG-IP WOM | 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4* \n| None \n| Low | Linux kernel \nARX | 6.0.0 - 6.4.0* \n| None \n| Low | Linux kernel \n \nEnterprise Manager | 3.0.0 - 3.1.1* \n| None | Low | Linux kernel \n \nFirePass | 7.0.0* \n6.0.0 - 6.1.0* \n| None \n| Low | Linux kernel \n \nBIG-IQ Cloud | 4.0.0 - 4.5.0* \n| None \n| Low | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0* \n| None \n| Low | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0* \n| None \n| Low | Linux kernel \nBIG-IQ ADC | 4.5.0* \n| None \n| Low | Linux kernel \nLineRate | None \n| 2.5.0 - 2.6.1 \n| Not vulnerable | None \n \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC | 4.0.0 - 4.4.0* \n3.3.2 - 3.5.1* \n| None \n| Low | Linux kernel \n \n* Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit.\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to only trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13902>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:25:00", "published": "2015-11-06T21:25:00", "href": "https://support.f5.com/csp/article/K17551", "id": "F5:K17551", "title": "Linux kernel vulnerability CVE-2014-9419", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-04-06T22:40:48", "bulletinFamily": "software", "cvelist": ["CVE-2014-8134"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-09-07T02:46:00", "published": "2015-08-13T20:55:00", "id": "F5:K17120", "href": "https://support.f5.com/csp/article/K17120", "title": "Linux kernel vulnerability CVE-2014-8134", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-06-08T00:16:33", "bulletinFamily": "software", "cvelist": ["CVE-2014-9529"], "edition": 1, "description": "\nF5 Product Development has assigned ID 505673 (BIG-IP), ID 525386 (BIG-IQ), ID 525388 (Enterprise Manager), and INSTALLER-1288 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \n \nBIG-IP AAM | 12.0.0 \n11.4.0 - 11.6.0 \n| None \n| Low | Linux subsystem \nBIG-IP AFM | 12.0.0 \n11.3.0 - 11.6.0 \n| None \n| Low | Linux subsystem \nBIG-IP Analytics | 12.0.0 \n11.0.0 - 11.6.0 \n| None \n| Low | Linux subsystem \nBIG-IP APM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP ASM | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP DNS | 12.0.0 \n| None \n| Low | Linux subsystem \nBIG-IP Edge Gateway \n| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP GTM | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP Link Controller | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP PEM | 12.0.0 \n11.3.0 - 11.6.0 \n| None \n| Low | Linux subsystem \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| None \n| Low | Linux subsystem \nARX | None \n| 6.0.0 - 6.4.0 \n| Not vulnerable | None \n \nEnterprise Manager | 3.0.0 - 3.1.1 \n| None | Low | Linux subsystem \nFirePass | None \n| 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable \n| None \n \nBIG-IQ Cloud | 4.0.0 - 4.5.0 \n| None \n| Low | Linux subsystem \nBIG-IQ Device | 4.2.0 - 4.5.0 \n| None \n| Low | Linux subsystem \nBIG-IQ Security | 4.0.0 - 4.5.0 \n| None \n| Low | Linux subsystem \nBIG-IQ ADC | 4.5.0 \n| None \n| Low | Linux subsystem \nLineRate | None \n| 2.5.0 - 2.6.1 \n| Not vulnerable \n| None \n \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| None \n| Low | Linux subsystem \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2016-01-09T02:33:00", "published": "2015-09-08T22:57:00", "id": "F5:K17239", "href": "https://support.f5.com/csp/article/K17239", "title": "Linux kernel vulnerability CVE-2014-9529", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-06T22:40:22", "bulletinFamily": "software", "cvelist": ["CVE-2014-9585"], "description": "\nF5 Product Development has assigned ID 527563, ID 505679 (BIG-IP), ID 525391 (BIG-IQ), ID 525392 (Enterprise Manager), and INSTALLER-1302 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv2 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | None | Not applicable | Low | [2.1](<https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=\\(AV:L/AC:L/Au:N/C:N/I:P/A:N\\)>) | Linux kernel \n13.x | None | Not applicable \n12.x | None | Not applicable \n11.x | 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 | 11.6.2 \n11.5.5 \nEnterprise Manager | 3.x | 3.0.0 - 3.1.1 | None | Low | [2.1](<https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=\\(AV:L/AC:L/Au:N/C:N/I:P/A:N\\)>) | Linux kernel \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Low | [2.1](<https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=\\(AV:L/AC:L/Au:N/C:N/I:P/A:N\\)>) | Linux kernel \n5.x | 5.0.0 - 5.1.0 | 5.2.0 \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n \n1The CVSSv2 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-06-17T19:22:00", "published": "2015-09-08T19:41:00", "id": "F5:K17241", "href": "https://support.f5.com/csp/article/K17241", "title": "Linux kernel vulnerability CVE-2014-9585", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-04-10T17:14:49", "bulletinFamily": "software", "cvelist": ["CVE-2014-8133"], "description": "\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table: \n\n\nAdditionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17132 on the **Diagnostics** > **Identified** > **Low** screen.\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP AAM| None| 11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP ASM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP Edge Gateway| 10.1.0 - 10.2.4| 11.0.0 - 11.3.0| Low| Linux kernel* \nBIG-IP GTM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP Link Controller| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| Linux kernel* \nBIG-IP PEM| None| 11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| 10.1.0 - 10.2.4| 11.0.0 - 11.4.1| Low| Linux kernel* \nBIG-IP WebAccelerator| 10.1.0 - 10.2.4| 11.0.0 - 11.3.0| Low| Linux kernel* \nBIG-IP WOM| 10.1.0 - 10.2.4| 11.0.0 - 11.3.0| Low| Linux kernel* \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n*This vulnerability affects only 32-bit based systems. To determine if your BIG-IP device is a 32-bit based system, you can type the following command from the BIG-IP command line:\n\nuname -m\n\n32-bit systems will return **i686** or** i386** and 64-bit systems will return **x86_64**.\n\nThe F5 vulnerability severity has been marked as LOW due to the requirement that the attacker has local access and exposes partial confidentiality and/or integrity.\n\nTo mitigate this vulnerability for the BIG-IP system, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-04-06T19:01:00", "published": "2015-08-25T00:34:00", "id": "F5:K17132", "href": "https://support.f5.com/csp/article/K17132", "title": "Linux kernel vulnerability CVE-2014-8133", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-16T00:21:25", "bulletinFamily": "software", "cvelist": ["CVE-2015-3339"], "description": "\nF5 Product Development has assigned ID 540018 (BIG-IP), ID 569537 (BIG-IQ), and ID 569538 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H95345942 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP AAM | 12.0.0 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP AFM | 12.0.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP Analytics | 12.0.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP APM | 12.0.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP ASM | 12.0.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP DNS | 12.0.0 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 | Medium | Linux kernel \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP GTM | 11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4 | 11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP Link Controller | 12.0.0 \n11.6.0 - 11.6.1 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP PEM | 12.0.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4 | 13.0.0 \n12.1.0 - 12.1.2 \n12.0.0 HF3 \n11.6.2 \n11.5.5 | Medium | Linux kernel \nBIG-IP PSM | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP WOM | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | None | Medium | Linux kernel \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.0.0 - 3.1.1 | None | Medium | Linux kernel \nFirePass | None | 7.0.0 | Not vulnerable | None \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Centralized Management | 4.6.0 | None | Medium | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Linux kernel \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | 4.4 CF 9 and later* | Medium | Linux kernel \n \n* Fix is included in the October 2015 security update.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not **vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nBIG-IP\n\nTo mitigate this vulnerability, allow only trusted admin users to have access to Advanced Shell (**bash**). Appliance mode does not expose this issue, as users are not allowed Advanced Shell (**bash**) access in this mode.\n\nTraffix SDC\n\nTo mitigate this vulnerability, you can upgrade with the Traffix package for October 2015 (4.4 CF 9) or later versions, which includes the kernel fix. For more information, refer to the F5 Traffix representative for your region.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "edition": 1, "modified": "2017-10-31T21:27:00", "published": "2016-01-29T22:05:00", "id": "F5:K95345942", "href": "https://support.f5.com/csp/article/K95345942", "title": "Linux kernel vulnerability CVE-2015-3339", "type": "f5", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:15", "bulletinFamily": "software", "cvelist": ["CVE-2014-8134"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL10322: FirePass hotfix matrix\n * SOL12766: ARX hotfix matrix\n * SOL3430: Installing FirePass hotfixes\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2015-08-13T00:00:00", "published": "2015-08-13T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/100/sol17120.html", "id": "SOL17120", "title": "SOL17120 - Linux kernel vulnerability CVE-2014-8134", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-9419"], "edition": 1, "description": "* Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products to trigger an exploit.\n\nRecommended Action\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to only trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-11-06T00:00:00", "published": "2015-11-06T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/500/sol17551.html", "id": "SOL17551", "title": "SOL17551 - Linux kernel vulnerability CVE-2014-9419", "type": "f5", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-02T18:43:59", "bulletinFamily": "software", "cvelist": ["CVE-2014-9529"], "edition": 1, "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-08T00:00:00", "published": "2015-09-08T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17239.html", "id": "SOL17239", "title": "SOL17239 - Linux kernel vulnerability CVE-2014-9529", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T13:23:37", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates in kernel-uek.", "edition": 24, "published": "2015-08-04T00:00:00", "title": "OracleVM 3.3 : kernel-uek (OVMSA-2015-0109)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3215", "CVE-2015-2830", "CVE-2014-9529", "CVE-2015-1593", "CVE-2015-2922", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2015-0239", "CVE-2015-3636", "CVE-2015-2150", "CVE-2014-8171", "CVE-2014-9585"], "modified": "2015-08-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "x-cpe:/o:oracle:vm:3.3", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2015-0109.NASL", "href": "https://www.tenable.com/plugins/nessus/85188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0109.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85188);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-8989\", \"CVE-2014-9529\", \"CVE-2014-9585\", \"CVE-2015-0239\", \"CVE-2015-1421\", \"CVE-2015-1593\", \"CVE-2015-2150\", \"CVE-2015-2830\", \"CVE-2015-2922\", \"CVE-2015-3339\", \"CVE-2015-3636\");\n script_bugtraq_id(67341, 71154, 71367, 71880, 71990, 72356, 72607, 72842, 73014, 73060, 73699, 74243, 74293, 74315, 74450);\n\n script_name(english:\"OracleVM 3.3 : kernel-uek (OVMSA-2015-0109)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates in kernel-uek.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-August/000358.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d706370\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:oracle:vm:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-98.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-98.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:25", "description": "The remote Oracle Linux host is missing a security update for\nthe Unbreakable Enterprise kernel package(s).", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-08-03T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3064)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3215", "CVE-2015-2830", "CVE-2014-9529", "CVE-2015-1593", "CVE-2015-2922", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-8159", "CVE-2015-0239", "CVE-2015-3636", "CVE-2015-2150", "CVE-2014-8171", "CVE-2014-9585"], "modified": "2015-08-03T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-98.el7uek", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-98.el6uek", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:dtrace-modules-shared-headers", "p-cpe:/a:oracle:linux:dtrace-modules-provider-headers", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2015-3064.NASL", "href": "https://www.tenable.com/plugins/nessus/85177", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from Oracle Linux\n# Security Advisory ELSA-2015-3064.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85177);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-8989\", \"CVE-2014-9529\", \"CVE-2014-9585\", \"CVE-2015-0239\", \"CVE-2015-1421\", \"CVE-2015-1593\", \"CVE-2015-2150\", \"CVE-2015-2830\", \"CVE-2015-2922\", \"CVE-2015-3339\", \"CVE-2015-3636\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3064)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Oracle Linux host is missing a security update for\nthe Unbreakable Enterprise kernel package(s).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005260.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005261.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-98.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-98.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-provider-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-shared-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-3215\", \"CVE-2014-8159\", \"CVE-2014-8171\", \"CVE-2014-8989\", \"CVE-2014-9529\", \"CVE-2014-9585\", \"CVE-2015-0239\", \"CVE-2015-1421\", \"CVE-2015-1593\", \"CVE-2015-2150\", \"CVE-2015-2830\", \"CVE-2015-2922\", \"CVE-2015-3339\", \"CVE-2015-3636\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2015-3064\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-98.el6uek-0.4.5-2.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-provider-headers-0.4.5-2.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-shared-headers-0.4.5-2.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-98.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-98.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-98.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-98.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-98.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-98.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-98.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-provider-headers-0.4.5-3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-shared-headers-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-98.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-98.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-98.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-98.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-98.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-98.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:28:27", "description": "The Linux kernel was updated to fix bugs and security issues :\n\nFollowing security issues were fixed: CVE-2015-2830: A flaw was found\nin the way the Linux kernels 32-bit emulation implementation handled\nforking or closing of a task with an int80 entry. A local user could\nhave potentially used this flaw to escalate their privileges on the\nsystem.\n\nCVE-2015-2042: A kernel information leak in rds sysctl files was\nfixed.\n\nCVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename\nfunction in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the\nLinux kernel allowed local users to cause a denial of service (buffer\noverflow and system crash) or possibly gain privileges via a crafted\nfilename.\n\nCVE-2015-0275: A BUG_ON in ext4 was fixed which could be triggered by\nlocal users.\n\nCVE-2015-2666: A buffer overflow when loading microcode files into the\nkernel could be used by the administrator to execute code in the\nkernel, bypassing secure boot measures.\n\n - CVE-2015-1421: Use-after-free vulnerability in the\n sctp_assoc_update function in net/sctp/associola.c in\n the Linux kernel allowed remote attackers to cause a\n denial of service (slab corruption and panic) or\n possibly have unspecified other impact by triggering an\n INIT collision that leads to improper handling of\n shared-key data.\n\n - CVE-2015-2150: XSA-120: Guests were permitted to modify\n all bits of the PCI command register of passed through\n cards, which could lead to Host system crashes.\n\n - CVE-2015-0777: The XEN usb backend could leak\n information to the guest system due to copying\n uninitialized memory.\n\n - CVE-2015-1593: A integer overflow reduced the\n effectiveness of the stack randomization on 64-bit\n systems.\n\n - CVE-2014-9419: The __switch_to function in\n arch/x86/kernel/process_64.c in the Linux kernel did not\n ensure that Thread Local Storage (TLS) descriptors are\n loaded before proceeding with other steps, which made it\n easier for local users to bypass the ASLR protection\n mechanism via a crafted application that reads a TLS\n base address.\n\n - CVE-2014-9428: The batadv_frag_merge_packets function in\n net/batman-adv/fragmentation.c in the B.A.T.M.A.N.\n implementation in the Linux kernel used an incorrect\n length field during a calculation of an amount of\n memory, which allowed remote attackers to cause a denial\n of service (mesh-node system crash) via fragmented\n packets.\n\n - CVE-2014-8160:\n net/netfilter/nf_conntrack_proto_generic.c in the Linux\n kernel generated incorrect conntrack entries during\n handling of certain iptables rule sets for the SCTP,\n DCCP, GRE, and UDP-Lite protocols, which allowed remote\n attackers to bypass intended access restrictions via\n packets with disallowed port numbers.\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys\n function in security/keys/gc.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption or panic) or possibly have unspecified other\n impact via keyctl commands that trigger access to a key\n structure member during garbage collection of a key.\n\n - CVE-2014-9420: The rock_continue function in\n fs/isofs/rock.c in the Linux kernel did not restrict the\n number of Rock Ridge continuation entries, which allowed\n local users to cause a denial of service (infinite loop,\n and system crash or hang) via a crafted iso9660 image.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal\n function in fs/isofs/rock.c in the Linux kernel did not\n validate a length value in the Extensions Reference (ER)\n System Use Field, which allowed local users to obtain\n sensitive information from kernel memory via a crafted\n iso9660 image.\n\n - CVE-2014-9585: The vdso_addr function in\n arch/x86/vdso/vma.c in the Linux kernel did not properly\n choose memory locations for the vDSO area, which made it\n easier for local users to bypass the ASLR protection\n mechanism by guessing a location at the end of a PMD.\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the\n Linux kernel through did not properly maintain the\n semantics of rename_lock, which allowed local users to\n cause a denial of service (deadlock and system hang) via\n a crafted application.\n\n - CVE-2014-8134: The paravirt_ops_setup function in\n arch/x86/kernel/kvm.c in the Linux kernel used an\n improper paravirt_enabled setting for KVM guest kernels,\n which made it easier for guest OS users to bypass the\n ASLR protection mechanism via a crafted application that\n reads a 16-bit value.\n\nFollowing bugs were fixed :\n\n - powerpc/pci: Fix IO space breakage after\n of_pci_range_to_resource() change (bnc#922542).\n\n - cifs: fix use-after-free bug in find_writable_file\n (bnc#909477).\n\n - usb: Do not allow usb_alloc_streams on unconfigured\n devices (bsc#920581).\n\n - fuse: honour max_read and max_write in direct_io mode\n (bnc#918954).\n\n - switch iov_iter_get_pages() to passing maximal number of\n pages (bnc#918954).\n\n - bcache: fix a livelock in btree lock v2 (bnc#910440)\n (bnc#910440). Updated because another version went\n upstream\n\n - drm/i915: Initialise userptr mmu_notifier serial to 1\n (bnc#918970).\n\n - NFS: Don't try to reclaim delegation open state if\n recovery failed (boo#909634).\n\n - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x\n stateids are revoked (boo#909634).\n\n - NFSv4: Fix races between nfs_remove_bad_delegation() and\n delegation return (boo#909634).\n\n - NFSv4: Ensure that we remove NFSv4.0 delegations when\n state has expired (boo#909634).\n\n - Fixing lease renewal (boo#909634).\n\n - bcache: Fix a bug when detaching (bsc#908582).\n\n - fix a leak in bch_cached_dev_run() (bnc#910440).\n\n - bcache: unregister reboot notifier when bcache fails to\n register a block device (bnc#910440).\n\n - bcache: fix a livelock in btree lock (bnc#910440).\n\n - bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when\n attaching a backing device (bnc#910440).\n\n - bcache: Add a cond_resched() call to gc (bnc#910440).\n\n - storvsc: ring buffer failures may result in I/O freeze\n (bnc#914175).\n\n - ALSA: seq-dummy: remove deadlock-causing events on close\n (boo#916608).\n\n - ALSA: pcm: Zero-clear reserved fields of PCM status\n ioctl in compat mode (boo#916608).\n\n - ALSA: bebob: Uninitialized id returned by\n saffirepro_both_clk_src_get (boo#916608).\n\n - ALSA: hda - Fix built-in mic on Compaq Presario CQ60\n (bnc#920604).\n\n - ALSA: hda - Fix regression of HD-audio controller\n fallback modes (bsc#921313).\n\n - [media] sound: Update au0828 quirks table (boo#916608).\n\n - [media] sound: simplify au0828 quirk table (boo#916608).\n\n - ALSA: usb-audio: Add mic volume fix quirk for Logitech\n Webcam C210 (boo#916608).\n\n - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam\n rPAC (boo#916608).\n\n - ALSA: usb-audio: Add ctrl message delay quirk for\n Marantz/Denon devices (boo#916608).\n\n - ALSA: usb-audio: Fix memory leak in FTU quirk\n (boo#916608).\n\n - ALSA: usb-audio: Fix device_del() sysfs warnings at\n disconnect (boo#916608).\n\n - ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda\n (boo#916608).\n\n - ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups\n for IDT/STAC codecs (boo#916608).\n\n - ALSA: hda/realtek - New codec support for ALC298\n (boo#916608).\n\n - ALSA: hda/realtek - New codec support for ALC256\n (boo#916608).\n\n - ALSA: hda/realtek - Add new Dell desktop for ALC3234\n headset mode (boo#916608).\n\n - ALSA: hda - Add EAPD fixup for ASUS Z99He laptop\n (boo#916608).\n\n - ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad\n S210 (boo#916608).\n\n - ALSA: hda/realtek - Add headset Mic support for new Dell\n machine (boo#916608).\n\n - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP\n (boo#916608).\n\n - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point\n PCH (boo#916608).\n\n - ALSA: hda - add codec ID for Braswell display audio\n codec (boo#916608).\n\n - ALSA: hda - add PCI IDs for Intel Braswell (boo#916608).\n\n - ALSA: hda - Add dock support for Thinkpad T440\n (17aa:2212) (boo#916608).\n\n - ALSA: hda - Set up GPIO for Toshiba Satellite S50D\n (bnc#915858).\n\n - rpm/kernel-binary.spec.in: Fix build if there is no\n *.crt file\n\n - mm, vmscan: prevent kswapd livelock due to\n pfmemalloc-throttled process being killed (VM\n Functionality bnc#910150).\n\n - Input: evdev - fix EVIOCG(type) ioctl (bnc#904899).\n\n - mnt: Implicitly add MNT_NODEV on remount when it was\n implicitly added by mount (bsc#907988).\n\n - Btrfs: fix scrub race leading to use-after-free\n (bnc#915456).\n\n - Btrfs: fix setup_leaf_for_split() to avoid leaf\n corruption (bnc#915454).\n\n - Btrfs: fix fsync log replay for inodes with a mix of\n regular refs and extrefs (bnc#915425).\n\n - Btrfs: fix fsync when extend references are added to an\n inode (bnc#915425).\n\n - Btrfs: fix directory inconsistency after fsync log\n replay (bnc#915425).\n\n - Btrfs: make xattr replace operations atomic\n (bnc#913466).\n\n - Btrfs: fix directory recovery from fsync log\n (bnc#895797).\n\n - Btrfs: simplify insert_orphan_item (boo#926385).\n\n - Btrfs: set proper message level for skinny metadata.\n\n - Btrfs: make sure we wait on logged extents when fsycning\n two subvols.\n\n - Btrfs: fix lost return value due to variable shadowing.\n\n - Btrfs: fix leak of path in btrfs_find_item.\n\n - Btrfs: fix fsync data loss after adding hard link to\n inode.\n\n - Btrfs: fix fs corruption on transaction abort if device\n supports discard.\n\n - Btrfs: fix data loss in the fast fsync path.\n\n - Btrfs: don't delay inode ref updates during log replay.\n\n - Btrfs: do not move em to modified list when unpinning.\n\n - Btrfs:__add_inode_ref: out of bounds memory read when\n looking for extended ref.\n\n - Btrfs: fix inode eviction infinite loop after cloning\n into it (boo#905088).\n\n - bcache: add mutex lock for bch_is_open (bnc#908612).\n\n - bcache: Correct printing of btree_gc_max_duration_ms\n (bnc#908610).\n\n - bcache: fix crash with incomplete cache set\n (bnc#908608).\n\n - bcache: fix memory corruption in init error path\n (bnc#908606).\n\n - bcache: Fix more early shutdown bugs (bnc#908605).\n\n - bcache: fix use-after-free in btree_gc_coalesce()\n (bnc#908604).\n\n - bcache: Fix an infinite loop in journal replay\n (bnc#908603).\n\n - bcache: fix typo in bch_bkey_equal_header (bnc#908598).\n\n - bcache: Make sure to pass GFP_WAIT to mempool_alloc()\n (bnc#908596).\n\n - bcache: fix crash on shutdown in passthrough mode\n (bnc#908594).\n\n - bcache: fix lockdep warnings on shutdown (bnc#908593).\n\n - bcache allocator: send discards with correct size\n (bnc#908592).\n\n - bcache: Fix to remove the rcu_sched stalls (bnc#908589).\n\n - bcache: Fix a journal replay bug (bnc#908588).\n\n - Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The\n nct6683 driver is already enabled on i386 and history\n suggests that it not being enabled on x86_64 is by\n mistake.\n\n - rpm/kernel-binary.spec.in: Own the modules directory in\n the devel package (bnc#910322)\n\n - Revert 'iwlwifi: mvm: treat EAPOLs like mgmt frames wrt\n rate' (bnc#900811).\n\n - mm: free compound page with correct order (bnc#913695).\n\n - drm/i915: More cautious with pch fifo underruns\n (boo#907039).\n\n - Refresh patches.arch/arm64-0039-generic-pci.patch (fix\n PCI bridge support)\n\n - x86/microcode/intel: Fish out the stashed microcode for\n the BSP (bsc#903589).\n\n - x86, microcode: Reload microcode on resume (bsc#903589).\n\n - x86, microcode: Don't initialize microcode code on\n paravirt (bsc#903589).\n\n - x86, microcode, intel: Drop unused parameter\n (bsc#903589).\n\n - x86, microcode, AMD: Do not use smp_processor_id() in\n preemtible context (bsc#903589).\n\n - x86, microcode: Update BSPs microcode on resume\n (bsc#903589).\n\n - x86, microcode, AMD: Fix ucode patch stashing on 32-bit\n (bsc#903589).\n\n - x86, microcode: Fix accessing dis_ucode_ldr on 32-bit\n (bsc#903589).\n\n - x86, microcode, AMD: Fix early ucode loading on 32-bit\n (bsc#903589).\n\n - Bluetooth: Add support for Broadcom BCM20702A0 variants\n firmware download (bnc#911311).\n\n - drm/radeon: fix sad_count check for dce3 (bnc#911356).\n\n - drm/i915: Don't call intel_prepare_page_flip() multiple\n times on gen2-4 (bnc#911835).\n\n - udf: Check component length before reading it.\n\n - udf: Check path length when reading symlink.\n\n - udf: Verify symlink size before loading it.\n\n - udf: Verify i_size when loading inode.\n\n - arm64: Enable DRM\n\n - arm64: Enable generic PHB driver (bnc#912061).\n\n - ACPI / video: Add some Samsung models to\n disable_native_backlight list (boo#905681).\n\n - asus-nb-wmi: Add another wapf=4 quirk (boo#911438).\n\n - asus-nb-wmi: Add wapf4 quirk for the X550VB\n (boo#911438).\n\n - asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438).\n\n - asus-nb-wmi: Add wapf4 quirk for the X550CC\n (boo#911438).\n\n - asus-nb-wmi: Constify asus_quirks DMI table\n (boo#911438).\n\n - asus-nb-wmi: Add wapf4 quirk for the X550CL\n (boo#911438).\n\n - asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438).\n\n - asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA\n (boo#911438).\n\n - WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON\n (boo#911438).\n\n - Input: synaptics - gate forcepad support by DMI check\n (bnc#911578).\n\n - ext4: introduce aging to extent status tree\n (bnc#893428).\n\n - ext4: cleanup flag definitions for extent status tree\n (bnc#893428).\n\n - ext4: limit number of scanned extents in status tree\n shrinker (bnc#893428).\n\n - ext4: move handling of list of shrinkable inodes into\n extent status code (bnc#893428).\n\n - ext4: change LRU to round-robin in extent status tree\n shrinker (bnc#893428).\n\n - ext4: cache extent hole in extent status tree for\n ext4_da_map_blocks() (bnc#893428).\n\n - ext4: fix block reservation for bigalloc filesystems\n (bnc#893428).\n\n - ext4: track extent status tree shrinker delay statictics\n (bnc#893428).\n\n - ext4: improve extents status tree trace point\n (bnc#893428).\n\n - rpm/kernel-binary.spec.in: Provide name-version-release\n for kgraft packages (bnc#901925)\n\n - rpm/kernel-binary.spec.in: Fix including the secure boot\n cert in /etc/uefi/certs\n\n - doc/README.SUSE: update Solid Driver team contacts\n\n - rpm/kernel-binary.spec.in: Do not sign firmware files\n (bnc#867199)\n\n - Port module signing changes from SLE11-SP3 (fate#314508)\n\n - doc/README.PATCH-POLICY.SUSE: add patch policy / best\n practices document after installation.\n\n - Update config files. (boo#925479) Do not set\n CONFIG_SYSTEM_TRUSTED_KEYRING until we need it in future\n openSUSE version: e.g. MODULE_SIG, IMA, PKCS7(new),\n KEXEC_BZIMAGE_VERIFY_SIG(new)\n\n - Input: xpad - use proper endpoint type (bnc#926397).\n\n - md: don't require sync_min to be a multiple of\n chunk_size (bnc#910500).", "edition": 19, "published": "2015-04-14T00:00:00", "title": "openSUSE Security Update : Linux Kernel (openSUSE-2015-302)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2830", "CVE-2014-9529", "CVE-2014-8134", "CVE-2014-9420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0777", "CVE-2014-9584", "CVE-2015-0275", "CVE-2014-9683", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-9419", "CVE-2014-9585", "CVE-2015-2042", "CVE-2015-2666"], "modified": "2015-04-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:bbswitch", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:bbswitch-debugsource", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource"], "id": "OPENSUSE-2015-302.NASL", "href": "https://www.tenable.com/plugins/nessus/82756", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-302.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82756);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8134\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0275\", \"CVE-2015-0777\", \"CVE-2015-1421\", \"CVE-2015-1593\", \"CVE-2015-2042\", \"CVE-2015-2150\", \"CVE-2015-2666\", \"CVE-2015-2830\");\n\n script_name(english:\"openSUSE Security Update : Linux Kernel (openSUSE-2015-302)\");\n script_summary(english:\"Check for the openSUSE-2015-302 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel was updated to fix bugs and security issues :\n\nFollowing security issues were fixed: CVE-2015-2830: A flaw was found\nin the way the Linux kernels 32-bit emulation implementation handled\nforking or closing of a task with an int80 entry. A local user could\nhave potentially used this flaw to escalate their privileges on the\nsystem.\n\nCVE-2015-2042: A kernel information leak in rds sysctl files was\nfixed.\n\nCVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename\nfunction in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the\nLinux kernel allowed local users to cause a denial of service (buffer\noverflow and system crash) or possibly gain privileges via a crafted\nfilename.\n\nCVE-2015-0275: A BUG_ON in ext4 was fixed which could be triggered by\nlocal users.\n\nCVE-2015-2666: A buffer overflow when loading microcode files into the\nkernel could be used by the administrator to execute code in the\nkernel, bypassing secure boot measures.\n\n - CVE-2015-1421: Use-after-free vulnerability in the\n sctp_assoc_update function in net/sctp/associola.c in\n the Linux kernel allowed remote attackers to cause a\n denial of service (slab corruption and panic) or\n possibly have unspecified other impact by triggering an\n INIT collision that leads to improper handling of\n shared-key data.\n\n - CVE-2015-2150: XSA-120: Guests were permitted to modify\n all bits of the PCI command register of passed through\n cards, which could lead to Host system crashes.\n\n - CVE-2015-0777: The XEN usb backend could leak\n information to the guest system due to copying\n uninitialized memory.\n\n - CVE-2015-1593: A integer overflow reduced the\n effectiveness of the stack randomization on 64-bit\n systems.\n\n - CVE-2014-9419: The __switch_to function in\n arch/x86/kernel/process_64.c in the Linux kernel did not\n ensure that Thread Local Storage (TLS) descriptors are\n loaded before proceeding with other steps, which made it\n easier for local users to bypass the ASLR protection\n mechanism via a crafted application that reads a TLS\n base address.\n\n - CVE-2014-9428: The batadv_frag_merge_packets function in\n net/batman-adv/fragmentation.c in the B.A.T.M.A.N.\n implementation in the Linux kernel used an incorrect\n length field during a calculation of an amount of\n memory, which allowed remote attackers to cause a denial\n of service (mesh-node system crash) via fragmented\n packets.\n\n - CVE-2014-8160:\n net/netfilter/nf_conntrack_proto_generic.c in the Linux\n kernel generated incorrect conntrack entries during\n handling of certain iptables rule sets for the SCTP,\n DCCP, GRE, and UDP-Lite protocols, which allowed remote\n attackers to bypass intended access restrictions via\n packets with disallowed port numbers.\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys\n function in security/keys/gc.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption or panic) or possibly have unspecified other\n impact via keyctl commands that trigger access to a key\n structure member during garbage collection of a key.\n\n - CVE-2014-9420: The rock_continue function in\n fs/isofs/rock.c in the Linux kernel did not restrict the\n number of Rock Ridge continuation entries, which allowed\n local users to cause a denial of service (infinite loop,\n and system crash or hang) via a crafted iso9660 image.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal\n function in fs/isofs/rock.c in the Linux kernel did not\n validate a length value in the Extensions Reference (ER)\n System Use Field, which allowed local users to obtain\n sensitive information from kernel memory via a crafted\n iso9660 image.\n\n - CVE-2014-9585: The vdso_addr function in\n arch/x86/vdso/vma.c in the Linux kernel did not properly\n choose memory locations for the vDSO area, which made it\n easier for local users to bypass the ASLR protection\n mechanism by guessing a location at the end of a PMD.\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the\n Linux kernel through did not properly maintain the\n semantics of rename_lock, which allowed local users to\n cause a denial of service (deadlock and system hang) via\n a crafted application.\n\n - CVE-2014-8134: The paravirt_ops_setup function in\n arch/x86/kernel/kvm.c in the Linux kernel used an\n improper paravirt_enabled setting for KVM guest kernels,\n which made it easier for guest OS users to bypass the\n ASLR protection mechanism via a crafted application that\n reads a 16-bit value.\n\nFollowing bugs were fixed :\n\n - powerpc/pci: Fix IO space breakage after\n of_pci_range_to_resource() change (bnc#922542).\n\n - cifs: fix use-after-free bug in find_writable_file\n (bnc#909477).\n\n - usb: Do not allow usb_alloc_streams on unconfigured\n devices (bsc#920581).\n\n - fuse: honour max_read and max_write in direct_io mode\n (bnc#918954).\n\n - switch iov_iter_get_pages() to passing maximal number of\n pages (bnc#918954).\n\n - bcache: fix a livelock in btree lock v2 (bnc#910440)\n (bnc#910440). Updated because another version went\n upstream\n\n - drm/i915: Initialise userptr mmu_notifier serial to 1\n (bnc#918970).\n\n - NFS: Don't try to reclaim delegation open state if\n recovery failed (boo#909634).\n\n - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x\n stateids are revoked (boo#909634).\n\n - NFSv4: Fix races between nfs_remove_bad_delegation() and\n delegation return (boo#909634).\n\n - NFSv4: Ensure that we remove NFSv4.0 delegations when\n state has expired (boo#909634).\n\n - Fixing lease renewal (boo#909634).\n\n - bcache: Fix a bug when detaching (bsc#908582).\n\n - fix a leak in bch_cached_dev_run() (bnc#910440).\n\n - bcache: unregister reboot notifier when bcache fails to\n register a block device (bnc#910440).\n\n - bcache: fix a livelock in btree lock (bnc#910440).\n\n - bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when\n attaching a backing device (bnc#910440).\n\n - bcache: Add a cond_resched() call to gc (bnc#910440).\n\n - storvsc: ring buffer failures may result in I/O freeze\n (bnc#914175).\n\n - ALSA: seq-dummy: remove deadlock-causing events on close\n (boo#916608).\n\n - ALSA: pcm: Zero-clear reserved fields of PCM status\n ioctl in compat mode (boo#916608).\n\n - ALSA: bebob: Uninitialized id returned by\n saffirepro_both_clk_src_get (boo#916608).\n\n - ALSA: hda - Fix built-in mic on Compaq Presario CQ60\n (bnc#920604).\n\n - ALSA: hda - Fix regression of HD-audio controller\n fallback modes (bsc#921313).\n\n - [media] sound: Update au0828 quirks table (boo#916608).\n\n - [media] sound: simplify au0828 quirk table (boo#916608).\n\n - ALSA: usb-audio: Add mic volume fix quirk for Logitech\n Webcam C210 (boo#916608).\n\n - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam\n rPAC (boo#916608).\n\n - ALSA: usb-audio: Add ctrl message delay quirk for\n Marantz/Denon devices (boo#916608).\n\n - ALSA: usb-audio: Fix memory leak in FTU quirk\n (boo#916608).\n\n - ALSA: usb-audio: Fix device_del() sysfs warnings at\n disconnect (boo#916608).\n\n - ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda\n (boo#916608).\n\n - ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups\n for IDT/STAC codecs (boo#916608).\n\n - ALSA: hda/realtek - New codec support for ALC298\n (boo#916608).\n\n - ALSA: hda/realtek - New codec support for ALC256\n (boo#916608).\n\n - ALSA: hda/realtek - Add new Dell desktop for ALC3234\n headset mode (boo#916608).\n\n - ALSA: hda - Add EAPD fixup for ASUS Z99He laptop\n (boo#916608).\n\n - ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad\n S210 (boo#916608).\n\n - ALSA: hda/realtek - Add headset Mic support for new Dell\n machine (boo#916608).\n\n - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP\n (boo#916608).\n\n - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point\n PCH (boo#916608).\n\n - ALSA: hda - add codec ID for Braswell display audio\n codec (boo#916608).\n\n - ALSA: hda - add PCI IDs for Intel Braswell (boo#916608).\n\n - ALSA: hda - Add dock support for Thinkpad T440\n (17aa:2212) (boo#916608).\n\n - ALSA: hda - Set up GPIO for Toshiba Satellite S50D\n (bnc#915858).\n\n - rpm/kernel-binary.spec.in: Fix build if there is no\n *.crt file\n\n - mm, vmscan: prevent kswapd livelock due to\n pfmemalloc-throttled process being killed (VM\n Functionality bnc#910150).\n\n - Input: evdev - fix EVIOCG(type) ioctl (bnc#904899).\n\n - mnt: Implicitly add MNT_NODEV on remount when it was\n implicitly added by mount (bsc#907988).\n\n - Btrfs: fix scrub race leading to use-after-free\n (bnc#915456).\n\n - Btrfs: fix setup_leaf_for_split() to avoid leaf\n corruption (bnc#915454).\n\n - Btrfs: fix fsync log replay for inodes with a mix of\n regular refs and extrefs (bnc#915425).\n\n - Btrfs: fix fsync when extend references are added to an\n inode (bnc#915425).\n\n - Btrfs: fix directory inconsistency after fsync log\n replay (bnc#915425).\n\n - Btrfs: make xattr replace operations atomic\n (bnc#913466).\n\n - Btrfs: fix directory recovery from fsync log\n (bnc#895797).\n\n - Btrfs: simplify insert_orphan_item (boo#926385).\n\n - Btrfs: set proper message level for skinny metadata.\n\n - Btrfs: make sure we wait on logged extents when fsycning\n two subvols.\n\n - Btrfs: fix lost return value due to variable shadowing.\n\n - Btrfs: fix leak of path in btrfs_find_item.\n\n - Btrfs: fix fsync data loss after adding hard link to\n inode.\n\n - Btrfs: fix fs corruption on transaction abort if device\n supports discard.\n\n - Btrfs: fix data loss in the fast fsync path.\n\n - Btrfs: don't delay inode ref updates during log replay.\n\n - Btrfs: do not move em to modified list when unpinning.\n\n - Btrfs:__add_inode_ref: out of bounds memory read when\n looking for extended ref.\n\n - Btrfs: fix inode eviction infinite loop after cloning\n into it (boo#905088).\n\n - bcache: add mutex lock for bch_is_open (bnc#908612).\n\n - bcache: Correct printing of btree_gc_max_duration_ms\n (bnc#908610).\n\n - bcache: fix crash with incomplete cache set\n (bnc#908608).\n\n - bcache: fix memory corruption in init error path\n (bnc#908606).\n\n - bcache: Fix more early shutdown bugs (bnc#908605).\n\n - bcache: fix use-after-free in btree_gc_coalesce()\n (bnc#908604).\n\n - bcache: Fix an infinite loop in journal replay\n (bnc#908603).\n\n - bcache: fix typo in bch_bkey_equal_header (bnc#908598).\n\n - bcache: Make sure to pass GFP_WAIT to mempool_alloc()\n (bnc#908596).\n\n - bcache: fix crash on shutdown in passthrough mode\n (bnc#908594).\n\n - bcache: fix lockdep warnings on shutdown (bnc#908593).\n\n - bcache allocator: send discards with correct size\n (bnc#908592).\n\n - bcache: Fix to remove the rcu_sched stalls (bnc#908589).\n\n - bcache: Fix a journal replay bug (bnc#908588).\n\n - Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The\n nct6683 driver is already enabled on i386 and history\n suggests that it not being enabled on x86_64 is by\n mistake.\n\n - rpm/kernel-binary.spec.in: Own the modules directory in\n the devel package (bnc#910322)\n\n - Revert 'iwlwifi: mvm: treat EAPOLs like mgmt frames wrt\n rate' (bnc#900811).\n\n - mm: free compound page with correct order (bnc#913695).\n\n - drm/i915: More cautious with pch fifo underruns\n (boo#907039).\n\n - Refresh patches.arch/arm64-0039-generic-pci.patch (fix\n PCI bridge support)\n\n - x86/microcode/intel: Fish out the stashed microcode for\n the BSP (bsc#903589).\n\n - x86, microcode: Reload microcode on resume (bsc#903589).\n\n - x86, microcode: Don't initialize microcode code on\n paravirt (bsc#903589).\n\n - x86, microcode, intel: Drop unused parameter\n (bsc#903589).\n\n - x86, microcode, AMD: Do not use smp_processor_id() in\n preemtible context (bsc#903589).\n\n - x86, microcode: Update BSPs microcode on resume\n (bsc#903589).\n\n - x86, microcode, AMD: Fix ucode patch stashing on 32-bit\n (bsc#903589).\n\n - x86, microcode: Fix accessing dis_ucode_ldr on 32-bit\n (bsc#903589).\n\n - x86, microcode, AMD: Fix early ucode loading on 32-bit\n (bsc#903589).\n\n - Bluetooth: Add support for Broadcom BCM20702A0 variants\n firmware download (bnc#911311).\n\n - drm/radeon: fix sad_count check for dce3 (bnc#911356).\n\n - drm/i915: Don't call intel_prepare_page_flip() multiple\n times on gen2-4 (bnc#911835).\n\n - udf: Check component length before reading it.\n\n - udf: Check path length when reading symlink.\n\n - udf: Verify symlink size before loading it.\n\n - udf: Verify i_size when loading inode.\n\n - arm64: Enable DRM\n\n - arm64: Enable generic PHB driver (bnc#912061).\n\n - ACPI / video: Add some Samsung models to\n disable_native_backlight list (boo#905681).\n\n - asus-nb-wmi: Add another wapf=4 quirk (boo#911438).\n\n - asus-nb-wmi: Add wapf4 quirk for the X550VB\n (boo#911438).\n\n - asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438).\n\n - asus-nb-wmi: Add wapf4 quirk for the X550CC\n (boo#911438).\n\n - asus-nb-wmi: Constify asus_quirks DMI table\n (boo#911438).\n\n - asus-nb-wmi: Add wapf4 quirk for the X550CL\n (boo#911438).\n\n - asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438).\n\n - asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA\n (boo#911438).\n\n - WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON\n (boo#911438).\n\n - Input: synaptics - gate forcepad support by DMI check\n (bnc#911578).\n\n - ext4: introduce aging to extent status tree\n (bnc#893428).\n\n - ext4: cleanup flag definitions for extent status tree\n (bnc#893428).\n\n - ext4: limit number of scanned extents in status tree\n shrinker (bnc#893428).\n\n - ext4: move handling of list of shrinkable inodes into\n extent status code (bnc#893428).\n\n - ext4: change LRU to round-robin in extent status tree\n shrinker (bnc#893428).\n\n - ext4: cache extent hole in extent status tree for\n ext4_da_map_blocks() (bnc#893428).\n\n - ext4: fix block reservation for bigalloc filesystems\n (bnc#893428).\n\n - ext4: track extent status tree shrinker delay statictics\n (bnc#893428).\n\n - ext4: improve extents status tree trace point\n (bnc#893428).\n\n - rpm/kernel-binary.spec.in: Provide name-version-release\n for kgraft packages (bnc#901925)\n\n - rpm/kernel-binary.spec.in: Fix including the secure boot\n cert in /etc/uefi/certs\n\n - doc/README.SUSE: update Solid Driver team contacts\n\n - rpm/kernel-binary.spec.in: Do not sign firmware files\n (bnc#867199)\n\n - Port module signing changes from SLE11-SP3 (fate#314508)\n\n - doc/README.PATCH-POLICY.SUSE: add patch policy / best\n practices document after installation.\n\n - Update config files. (boo#925479) Do not set\n CONFIG_SYSTEM_TRUSTED_KEYRING until we need it in future\n openSUSE version: e.g. MODULE_SIG, IMA, PKCS7(new),\n KEXEC_BZIMAGE_VERIFY_SIG(new)\n\n - Input: xpad - use proper endpoint type (bnc#926397).\n\n - md: don't require sync_min to be a multiple of\n chunk_size (bnc#910500).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=867199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=893428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=895797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=900811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=901925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=903589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=903640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=918333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=918954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=918970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=920581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=920604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=921313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=925479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=926240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=926385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=926397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927018\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-0.8-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-debugsource-0.8-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-0.8_k3.16.7_21-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-debuginfo-0.8_k3.16.7_21-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-0.8_k3.16.7_21-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_21-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-0.8_k3.16.7_21-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_21-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-0.8_k3.16.7_21-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_21-3.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-2.639-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debuginfo-2.639-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debugsource-2.639-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-2.639_k3.16.7_21-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.16.7_21-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-2.639_k3.16.7_21-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.16.7_21-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-2.639_k3.16.7_21-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.16.7_21-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-2.639_k3.16.7_21-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.16.7_21-14.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-7.0.8-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debuginfo-7.0.8-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debugsource-7.0.8-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-devel-7.0.8-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-7.0.8-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-debuginfo-7.0.8-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-7.0.8-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-debuginfo-7.0.8-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-7.0.8_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-debuginfo-7.0.8_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-7.0.8_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-7.0.8_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-debuginfo-7.0.8_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-7.0.8_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-debuginfo-7.0.8_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-debugsource-1.28-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-1.28_k3.16.7_21-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.16.7_21-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-1.28_k3.16.7_21-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_21-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-1.28_k3.16.7_21-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_21-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-1.28_k3.16.7_21-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_21-18.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-6.23-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debuginfo-6.23-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debugsource-6.23-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-devel-6.23-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-6.23_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-debuginfo-6.23_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-6.23_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-debuginfo-6.23_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-6.23_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-debuginfo-6.23_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-6.23_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-debuginfo-6.23_k3.16.7_21-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-macros-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-3.16.7-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-debugsource-3.16.7-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-xen-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-vanilla-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-syms-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-6.23-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-debuginfo-6.23-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-0.44-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debuginfo-0.44-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debugsource-0.44-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-0.44_k3.16.7_21-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.16.7_21-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-0.44_k3.16.7_21-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_21-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-0.44_k3.16.7_21-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_21-260.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-debuginfo-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-debugsource-20140629-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-20140629_k3.16.7_21-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-debuginfo-20140629_k3.16.7_21-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-20140629_k3.16.7_21-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-debuginfo-20140629_k3.16.7_21-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-20140629_k3.16.7_21-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-debuginfo-20140629_k3.16.7_21-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-20140629_k3.16.7_21-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-debuginfo-20140629_k3.16.7_21-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debuginfo-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debugsource-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-devel-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-desktop-icons-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-debuginfo-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-debuginfo-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-debuginfo-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-debuginfo-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.3.20_k3.16.7_21-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-debuginfo-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-debuginfo-4.3.20-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-debugsource-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-devel-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-debuginfo-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-debuginfo-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-2.6-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debuginfo-2.6-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debugsource-2.6-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-2.6_k3.16.7_21-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_21-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-2.6_k3.16.7_21-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_21-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-2.6_k3.16.7_21-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_21-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-2.6_k3.16.7_21-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_21-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.16.7-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.1_08_k3.16.7_21-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.1_08_k3.16.7_21-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-4.4.1_08_k3.16.7_21-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-debuginfo-4.4.1_08_k3.16.7_21-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-4.4.1_08-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.1_08-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bbswitch / bbswitch-debugsource / bbswitch-kmp-default / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:28:27", "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-02-27T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-02-27T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2515-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2515-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81568);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2515-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2515-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2515-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.75~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.75~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:28:28", "description": "USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an\nunrelated regression in the use of the virtual counter (CNTVCT) on\narm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-03-05T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-03-05T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2515-2.NASL", "href": "https://www.tenable.com/plugins/nessus/81645", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2515-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81645);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2515-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an\nunrelated regression in the use of the virtual counter (CNTVCT) on\narm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2515-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2515-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.77~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.77~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:28:34", "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an\nunrelated regression in the use of the virtual counter (CNTVCT) on\narm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-03-02T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:md-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:vlan-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:ppp-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:irda-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:usb-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:plip-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-udebs-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-source-3.13.0", "p-cpe:/a:canonical:ubuntu_linux:message-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:md-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:linux-doc", "p-cpe:/a:canonical:ubuntu_linux:input-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:usb-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:fb-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:fs-secondary-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:pcmcia-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:crypto-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:sata-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:nic-usb-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:multipath-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:fs-secondary-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:fs-core-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-udebs-generic", "p-cpe:/a:canonical:ubuntu_linux:nic-usb-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:vlan-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:storage-core-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:speakup-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:floppy-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:kernel-image-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:crypto-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:parport-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:fat-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:ipmi-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:irda-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:scsi-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13", "p-cpe:/a:canonical:ubuntu_linux:squashfs-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:nfs-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:serial-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:sata-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:firewire-core-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:speakup-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:nic-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:kernel-image-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:nic-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:scsi-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:parport-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:ipmi-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:block-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13", "p-cpe:/a:canonical:ubuntu_linux:pata-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:block-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-udebs-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:nic-shared-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:fs-core-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:nic-shared-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:nic-pcmcia-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:multipath-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:ppp-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:nfs-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:squashfs-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:input-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:mouse-modules-3.13.0-46-generic-lpae-di", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:pcmcia-storage-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:virtio-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:fat-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:plip-modules-3.13.0-46-generic-lpae-di", "cpe:/o:canonical:ubuntu_linux:14.04", "p-cpe:/a:canonical:ubuntu_linux:storage-core-modules-3.13.0-46-generic-di", "p-cpe:/a:canonical:ubuntu_linux:mouse-modules-3.13.0-46-generic-di"], "id": "UBUNTU_USN-2516-2.NASL", "href": "https://www.tenable.com/plugins/nessus/81590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2516-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81590);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2516-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an\nunrelated regression in the use of the virtual counter (CNTVCT) on\narm64 architectures. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2516-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:block-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:block-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:crypto-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:crypto-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fat-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fat-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fb-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firewire-core-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:floppy-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fs-core-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fs-core-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fs-secondary-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fs-secondary-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:input-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:input-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ipmi-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ipmi-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irda-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irda-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kernel-image-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:kernel-image-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-3.13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-udebs-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-udebs-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-udebs-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:md-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:md-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:message-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mouse-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mouse-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:multipath-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:multipath-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nfs-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nfs-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-pcmcia-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-shared-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-shared-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-usb-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nic-usb-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:parport-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:parport-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pata-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pcmcia-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pcmcia-storage-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:plip-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:plip-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ppp-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ppp-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sata-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sata-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:scsi-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:scsi-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:serial-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:speakup-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:speakup-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squashfs-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squashfs-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:storage-core-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:storage-core-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:usb-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:usb-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:virtio-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vlan-modules-3.13.0-46-generic-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:vlan-modules-3.13.0-46-generic-lpae-di\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2516-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"block-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"block-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"crypto-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"crypto-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fat-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fat-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fb-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firewire-core-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"floppy-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fs-core-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fs-core-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fs-secondary-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"fs-secondary-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"input-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"input-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ipmi-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ipmi-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"irda-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"irda-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"kernel-image-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"kernel-image-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-3.13.0-46\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-cloud-tools-common\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-doc\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-headers-3.13.0-46\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-headers-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-headers-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-headers-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-extra-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-extra-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-extra-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-libc-dev\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-source-3.13.0\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-3.13.0-46\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-3.13.0-46-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-tools-common\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-udebs-generic\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-udebs-generic-lpae\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-udebs-lowlatency\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"md-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"md-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"message-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mouse-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mouse-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"multipath-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"multipath-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nfs-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nfs-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-pcmcia-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-shared-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-shared-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-usb-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nic-usb-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"parport-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"parport-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"pata-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"pcmcia-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"pcmcia-storage-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"plip-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"plip-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ppp-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ppp-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sata-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sata-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"scsi-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"scsi-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"serial-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"speakup-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"speakup-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"squashfs-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"squashfs-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"storage-core-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"storage-core-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"usb-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"usb-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"virtio-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"vlan-modules-3.13.0-46-generic-di\", pkgver:\"3.13.0-46.76\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"vlan-modules-3.13.0-46-generic-lpae-di\", pkgver:\"3.13.0-46.76\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"block-modules-3.13.0-46-generic-di / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:28:34", "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in\nUSN-2516-2 was incomplete. There was an unrelated regression in the\nuse of the virtual counter (CNTVCT) on arm64 architectures.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-03-05T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-03-05T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2516-3.NASL", "href": "https://www.tenable.com/plugins/nessus/81646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2516-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81646);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2516-3\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in\nUSN-2516-2 was incomplete. There was an unrelated regression in the\nuse of the virtual counter (CNTVCT) on arm64 architectures.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2516-3/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2516-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.77\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.77\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.77\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:28:35", "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-02-27T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-02-27T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2517-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2517-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81570);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2517-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2517-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2517-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-31-generic\", pkgver:\"3.16.0-31.41~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-31-generic-lpae\", pkgver:\"3.16.0-31.41~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-31-lowlatency\", pkgver:\"3.16.0-31.41~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:28:36", "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-02-27T00:00:00", "title": "Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-02-27T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2518-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81571", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2518-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81571);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643);\n script_xref(name:\"USN\", value:\"2518-1\");\n\n script_name(english:\"Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2518-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2518-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-31-generic\", pkgver:\"3.16.0-31.41\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-31-generic-lpae\", pkgver:\"3.16.0-31.41\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"linux-image-3.16.0-31-lowlatency\", pkgver:\"3.16.0-31.41\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:28:34", "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2015-02-27T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "modified": "2015-02-27T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2516-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2516-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81569);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842);\n script_xref(name:\"USN\", value:\"2516-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation\nof the SYSTENTER instruction when the guest OS does not initialize the\nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a\ndenial of service of the guest OS (crash) or potentially gain\nprivileges on the guest OS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's\nThread Local Storage (TLS) implementation allowing users to bypass the\nespfix to obtain information that could be used to bypass the Address\nSpace Layout Randomization (ASLR) protection mechanism. A local user\ncould exploit this flaw to obtain potentially sensitive information\nfrom kernel memory. (CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules\nare specified and the conntrack protocol handler module is not loaded\ninto the Linux kernel. This flaw can cause the firewall rules on the\nsystem to be bypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local\nuser could exploit this flaw to cause a denial of service (deadlock\nand system hang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are\nhandled in certain namespace scenarios. A local user could exploit\nthis flaw to bypass file permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by\nthe task switching function in the Linux kernel for x86_64 based\nmachines. A local user could exploit this flaw to bypass the Address\nSpace Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the\nLinux kernel's ISO 9660 CDROM file system. A local user could exploit\nthis flaw to cause a denial of service (system crash or hang).\n(CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N.\nAdvanced Meshing Protocol in the Linux kernel. A remote attacker could\nexploit this flaw to cause a denial of service (mesh-node system\ncrash) via fragmented packets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A\nlocal user could cause a denial of service (memory corruption or\npanic) or possibly have unspecified impact via the keyctl commands.\n(CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when\nparsing rock ridge ER records. A local user could exploit this flaw to\nobtain sensitive information from kernel memory via a crafted iso9660\nimage. (CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR)\nof the Virtual Dynamically linked Shared Objects (vDSO) location. This\nflaw makes it easier for a local user to bypass the ASLR protection\nmechanism. (CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted\nfile name decoding. A local unprivileged user could exploit this flaw\nto cause a denial of service (system crash) or potentially gain\nadministrative privileges. (CVE-2014-9683).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2516-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-8133\", \"CVE-2014-8160\", \"CVE-2014-8559\", \"CVE-2014-8989\", \"CVE-2014-9419\", \"CVE-2014-9420\", \"CVE-2014-9428\", \"CVE-2014-9529\", \"CVE-2014-9584\", \"CVE-2014-9585\", \"CVE-2014-9683\", \"CVE-2015-0239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2516-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic\", pkgver:\"3.13.0-46.75\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-generic-lpae\", pkgver:\"3.13.0-46.75\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-46-lowlatency\", pkgver:\"3.13.0-46.75\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:58:29", "description": "The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a \"negative groups\" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.", "edition": 5, "cvss3": {}, "published": "2014-11-30T01:59:00", "title": "CVE-2014-8989", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8989"], "modified": "2017-01-03T02:59:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.12.8", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.11.6", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.14.4", "cpe:/o:linux:linux_kernel:3.10.17", "cpe:/o:linux:linux_kernel:3.10", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.10.18", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.10.21", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.15.8", "cpe:/o:linux:linux_kernel:3.10.4", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.12.3", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.16.0", "cpe:/o:linux:linux_kernel:3.12.14", "cpe:/o:linux:linux_kernel:3.10.7", "cpe:/o:linux:linux_kernel:3.10.9", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.12.10", "cpe:/o:linux:linux_kernel:3.10.14", "cpe:/o:linux:linux_kernel:3.15.5", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.11.3", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.10.10", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.12.15", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.16.1", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.12.17", "cpe:/o:linux:linux_kernel:3.10.12", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.10.6", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.10.19", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.13.7", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.12.11", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.10.20", "cpe:/o:linux:linux_kernel:3.15.3", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.11.7", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.10.26", "cpe:/o:linux:linux_kernel:3.13.10", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.10.0", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.15.2", "cpe:/o:linux:linux_kernel:3.13.4", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.12.13", "cpe:/o:linux:linux_kernel:3.10.27", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.10.24", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.14.3", "cpe:/o:linux:linux_kernel:3.12.5", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.12.1", "cpe:/o:linux:linux_kernel:3.13.2", "cpe:/o:linux:linux_kernel:3.11.8", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.10.28", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.11.4", "cpe:/o:linux:linux_kernel:3.13.6", "cpe:/o:linux:linux_kernel:3.11.9", "cpe:/o:linux:linux_kernel:3.10.8", "cpe:/o:linux:linux_kernel:3.11.2", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.10.25", "cpe:/o:linux:linux_kernel:3.13.5", "cpe:/o:linux:linux_kernel:3.10.16", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.15.1", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.13.9", "cpe:/o:linux:linux_kernel:3.12.2", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.17.3", "cpe:/o:linux:linux_kernel:3.14.2", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.13.3", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.10.5", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.13", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.13.11", "cpe:/o:linux:linux_kernel:3.17.2", "cpe:/o:linux:linux_kernel:3.14.1", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.10.13", "cpe:/o:linux:linux_kernel:3.12.6", "cpe:/o:linux:linux_kernel:3.12.7", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.12", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.10.23", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.15", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.15.7", "cpe:/o:linux:linux_kernel:3.11.5", "cpe:/o:linux:linux_kernel:3.12.12", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.13.1", "cpe:/o:linux:linux_kernel:3.10.11", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.15.4", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.10.15", "cpe:/o:linux:linux_kernel:3.10.29", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.12.16", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.12.4", "cpe:/o:linux:linux_kernel:3.17.1", "cpe:/o:linux:linux_kernel:3.14.5", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:3.13.8", "cpe:/o:linux:linux_kernel:3.11.1", "cpe:/o:linux:linux_kernel:3.10.22", "cpe:/o:linux:linux_kernel:3.17", "cpe:/o:linux:linux_kernel:3.15.6", "cpe:/o:linux:linux_kernel:3.11.10", "cpe:/o:linux:linux_kernel:3.12.9"], "id": "CVE-2014-8989", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8989", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.0:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.16.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.12.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:06", "description": "The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.", "edition": 5, "cvss3": {}, "published": "2015-08-31T10:59:00", "title": "CVE-2015-5697", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5697"], "modified": "2017-09-21T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.1.5"], "id": "CVE-2015-5697", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5697", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.1.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:29", "description": "The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.", "edition": 5, "cvss3": {}, "published": "2015-01-02T21:59:00", "title": "CVE-2014-9428", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9428"], "modified": "2015-04-18T01:59:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.1"], "id": "CVE-2014-9428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9428", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:29", "description": "The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.", "edition": 5, "cvss3": {}, "published": "2014-12-26T00:59:00", "title": "CVE-2014-9419", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9419"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/o:linux:linux_kernel:3.18.1"], "id": "CVE-2014-9419", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9419", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:28", "description": "The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2014-12-12T18:59:00", "title": "CVE-2014-8134", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8134"], "modified": "2020-08-14T18:22:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:evergreen:11.4", "cpe:/o:linux:linux_kernel:3.18", "cpe:/o:suse:suse_linux_enterprise_server:11", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-8134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8134", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"]}, {"lastseen": "2020-12-09T19:58:28", "description": "The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.", "edition": 5, "cvss3": {}, "published": "2015-03-16T10:59:00", "title": "CVE-2014-8159", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8159"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.32", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2014-8159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8159", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.32:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:29", "description": "Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.", "edition": 6, "cvss3": {}, "published": "2015-01-09T21:59:00", "title": "CVE-2014-9529", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9529"], "modified": "2020-05-21T17:41:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:linux:linux_kernel:3.18.2", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:redhat:enterprise_linux_server_eus:6.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_tus:6.6", "cpe:/o:redhat:enterprise_linux_server_aus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-9529", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9529", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.18.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T19:58:29", "description": "The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.", "edition": 5, "cvss3": {}, "published": "2014-11-30T01:59:00", "title": "CVE-2014-9090", "type": "cve", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9090"], "modified": "2015-06-04T02:01:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.12.8", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.11.6", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.14.4", "cpe:/o:linux:linux_kernel:3.10.17", "cpe:/o:linux:linux_kernel:3.10", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.10.18", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.10.21", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.15.8", "cpe:/o:linux:linux_kernel:3.10.4", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.12.3", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.16.0", "cpe:/o:linux:linux_kernel:3.12.14", "cpe:/o:linux:linux_kernel:3.10.7", "cpe:/o:linux:linux_kernel:3.10.9", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.12.10", "cpe:/o:linux:linux_kernel:3.10.14", "cpe:/o:linux:linux_kernel:3.15.5", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.11.3", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.10.10", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.12.15", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.16.1", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.12.17", "cpe:/o:linux:linux_kernel:3.10.12", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.10.6", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.10.19", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.13.7", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.12.11", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.10.20", "cpe:/o:linux:linux_kernel:3.15.3", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.11.7", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.10.26", "cpe:/o:linux:linux_kernel:3.13.10", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.10.0", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.15.2", "cpe:/o:linux:linux_kernel:3.13.4", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.12.13", "cpe:/o:linux:linux_kernel:3.10.27", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.10.24", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.14.3", "cpe:/o:linux:linux_kernel:3.12.5", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.12.1", "cpe:/o:linux:linux_kernel:3.13.2", "cpe:/o:linux:linux_kernel:3.11.8", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.10.28", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.11.4", "cpe:/o:linux:linux_kernel:3.13.6", "cpe:/o:linux:linux_kernel:3.11.9", "cpe:/o:linux:linux_kernel:3.10.8", "cpe:/o:linux:linux_kernel:3.11.2", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.10.25", "cpe:/o:linux:linux_kernel:3.13.5", "cpe:/o:linux:linux_kernel:3.10.16", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.15.1", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.13.9", "cpe:/o:linux:linux_kernel:3.12.2", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.17.3", "cpe:/o:linux:linux_kernel:3.14.2", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.13.3", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.10.5", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.13", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.13.11", "cpe:/o:linux:linux_kernel:3.17.2", "cpe:/o:linux:linux_kernel:3.14.1", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.10.13", "cpe:/o:linux:linux_kernel:3.12.6", "cpe:/o:linux:linux_kernel:3.12.7", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.12", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.10.23", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.15", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.15.7", "cpe:/o:linux:linux_kernel:3.11.5", "cpe:/o:linux:linux_kernel:3.12.12", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.13.1", "cpe:/o:linux:linux_kernel:3.10.11", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.15.4", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.10.15", "cpe:/o:linux:linux_kernel:3.10.29", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.12.16", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.12.4", "cpe:/o:linux:linux_kernel:3.17.1", "cpe:/o:linux:linux_kernel:3.14.5", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:3.13.8", "cpe:/o:linux:linux_kernel:3.11.1", "cpe:/o:linux:linux_kernel:3.10.22", "cpe:/o:linux:linux_kernel:3.17", "cpe:/o:linux:linux_kernel:3.15.6", "cpe:/o:linux:linux_kernel:3.11.10", "cpe:/o:linux:linux_kernel:3.12.9"], "id": "CVE-2014-9090", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9090", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.0:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.16.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.12.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:29", "description": "The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.", "edition": 6, "cvss3": {}, "published": "2015-01-09T21:59:00", "title": "CVE-2014-9585", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9585"], "modified": "2020-05-21T20:35:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/o:linux:linux_kernel:3.18.2", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:redhat:enterprise_linux_aus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_eus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:suse:linux_enterprise_workstation_extension:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:suse:linux_enterprise_real_time_extension:11", "cpe:/o:opensuse:evergreen:11.4", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_tus:6.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-9585", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9585", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.18.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*"]}, {"lastseen": "2020-12-09T19:58:28", "description": "arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.", "edition": 5, "cvss3": {}, "published": "2014-12-17T11:59:00", "title": "CVE-2014-8133", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8133"], "modified": "2016-12-24T02:59:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.12.8", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.11.6", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.4.54", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.57", "cpe:/o:linux:linux_kernel:3.14.4", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.4.69", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.10.17", "cpe:/o:linux:linux_kernel:3.10", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.4.65", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.8.9", "cpe:/o:linux:linux_kernel:3.8.4", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.4.75", "cpe:/o:linux:linux_kernel:3.10.18", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.4.39", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.4.61", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.10.21", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:3.15.8", "cpe:/o:linux:linux_kernel:3.10.4", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.12.3", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.16.0", "cpe:/o:linux:linux_kernel:3.12.14", "cpe:/o:linux:linux_kernel:3.10.7", "cpe:/o:linux:linux_kernel:3.4.62", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.10.9", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.12.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.10.14", "cpe:/o:linux:linux_kernel:3.15.5", "cpe:/o:linux:linux_kernel:3.4.42", "cpe:/o:linux:linux_kernel:3.4.66", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.8.10", "cpe:/o:linux:linux_kernel:3.8.12", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.11.3", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:3.4.50", "cpe:/o:linux:linux_kernel:3.10.10", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.12.15", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.16.1", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.12.17", "cpe:/o:linux:linux_kernel:3.10.12", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.10.6", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.8.3", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.4.52", "cpe:/o:linux:linux_kernel:3.8.13", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.9.11", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.10.19", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.9.5", "cpe:/o:linux:linux_kernel:3.13.7", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.4.33", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.12.11", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.4.48", "cpe:/o:linux:linux_kernel:3.10.20", "cpe:/o:linux:linux_kernel:3.15.3", "cpe:/o:linux:linux_kernel:3.4.40", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.4.46", "cpe:/o:linux:linux_kernel:3.11.7", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:3.10.26", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.13.10", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.10.0", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.4.47", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.15.2", "cpe:/o:linux:linux_kernel:3.13.4", "cpe:/o:linux:linux_kernel:3.17.4", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.12.13", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.10.27", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.4.78", "cpe:/o:linux:linux_kernel:3.10.24", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.14.3", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.12.5", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.4.41", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.12.1", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.13.2", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.4.37", "cpe:/o:linux:linux_kernel:3.11.8", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:3.10.28", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.4.74", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.11.4", "cpe:/o:linux:linux_kernel:3.13.6", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.11.9", "cpe:/o:linux:linux_kernel:3.10.8", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.11.2", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.9.9", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.4.53", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:3.4.72", "cpe:/o:linux:linux_kernel:3.10.25", "cpe:/o:linux:linux_kernel:3.13.5", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.10.16", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.18.1", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.15.1", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.13.9", "cpe:/o:linux:linux_kernel:3.12.2", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.17.3", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:3.14.2", "cpe:/o:linux:linux_kernel:3.4.55", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.4.64", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.13.3", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:3.4.71", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.10.5", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.76", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.4.36", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.13", "cpe:/o:linux:linux_kernel:3.9.6", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:3.4.68", "cpe:/o:linux:linux_kernel:3.4.38", "cpe:/o:linux:linux_kernel:3.4.60", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:3.4.45", "cpe:/o:linux:linux_kernel:3.4.70", "cpe:/o:linux:linux_kernel:3.4.34", "cpe:/o:linux:linux_kernel:3.9.8", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.4.79", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.4.44", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.13.11", "cpe:/o:linux:linux_kernel:3.4.59", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.17.2", "cpe:/o:linux:linux_kernel:3.4.56", "cpe:/o:linux:linux_kernel:3.14.1", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.10.13", "cpe:/o:linux:linux_kernel:3.18", "cpe:/o:linux:linux_kernel:3.12.6", "cpe:/o:linux:linux_kernel:3.12.7", "cpe:/o:linux:linux_kernel:3.4.49", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.12", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.10.23", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.15", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.15.7", "cpe:/o:linux:linux_kernel:3.11.5", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:3.4.67", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:3.12.12", "cpe:/o:linux:linux_kernel:3.4.35", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.9.7", "cpe:/o:linux:linux_kernel:3.13.1", "cpe:/o:linux:linux_kernel:3.10.11", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.15.4", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.10.15", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.10.29", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.12.16", "cpe:/o:linux:linux_kernel:3.9.10", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.4.63", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.12.4", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.4.43", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:3.4.58", "cpe:/o:linux:linux_kernel:3.17.1", "cpe:/o:linux:linux_kernel:3.4.73", "cpe:/o:linux:linux_kernel:3.4.51", "cpe:/o:linux:linux_kernel:3.14.5", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.13.8", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.77", "cpe:/o:linux:linux_kernel:3.11.1", "cpe:/o:linux:linux_kernel:3.8.11", "cpe:/o:linux:linux_kernel:3.10.22", "cpe:/o:linux:linux_kernel:3.4.11", "cpe:/o:linux:linux_kernel:3.17", "cpe:/o:linux:linux_kernel:3.15.6", "cpe:/o:linux:linux_kernel:3.11.10", "cpe:/o:linux:linux_kernel:3.12.9"], "id": "CVE-2014-8133", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8133", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.0:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.4.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.11.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.73:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.17.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.11.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.18:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.18.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.16.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.4.71:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.62:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.79:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.47:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.9.11:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.13.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.45:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.76:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.57:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.11.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.70:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.53:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.3:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.15.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.66:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.69:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.74:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.72:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.77:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.49:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.13.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.14.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.15.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.63:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.61:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.17.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.75:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.56:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.10.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.78:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:arm64:*", "cpe:2.3:o:linux:linux_kernel:3.10.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.12.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2016-09-04T12:23:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-8134", "CVE-2014-9420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-8559", "CVE-2015-0777", "CVE-2014-9584", "CVE-2015-2150", "CVE-2014-9428", "CVE-2014-9419", "CVE-2014-9585"], "description": "The Linux kernel was updated to fix bugs and security issues:\n\n Following security issues were fixed:\n - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update\n function in net/sctp/associola.c in the Linux kernel allowed remote\n attackers to cause a denial of service (slab corruption and panic) or\n possibly have unspecified other impact by triggering an INIT collision\n that leads to improper handling of shared-key data.\n\n - CVE-2015-2150: XSA-120: Guests were permitted to modify all bits of the\n PCI command register of passed through cards, which could lead to Host\n system crashes.\n\n - CVE-2015-0777: The XEN usb backend could leak information to the guest\n system due to copying uninitialized memory.\n\n - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack\n randomization on 64-bit systems.\n\n - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c\n in the Linux kernel did not ensure that Thread Local Storage (TLS)\n descriptors are loaded before proceeding with other steps, which made it\n easier for local users to bypass the ASLR protection mechanism via a\n crafted application that reads a TLS base address.\n\n - CVE-2014-9428: The batadv_frag_merge_packets function in\n net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the\n Linux kernel used an incorrect length field during a calculation of an\n amount of memory, which allowed remote attackers to cause a denial of\n service (mesh-node system crash) via fragmented packets.\n\n - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux\n kernel generated incorrect conntrack entries during handling of certain\n iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,\n which allowed remote attackers to bypass intended access restrictions\n via packets with disallowed port numbers.\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key.\n\n - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the\n Linux kernel did not restrict the number of Rock Ridge continuation\n entries, which allowed local users to cause a denial of service\n (infinite loop, and system crash or hang) via a crafted iso9660 image.\n\n - CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel did not validate a length value in\n the Extensions Reference (ER) System Use Field, which allowed local\n users to obtain sensitive information from kernel memory via a crafted\n iso9660 image.\n\n - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel did not properly choose memory locations for the vDSO area,\n which made it easier for local users to bypass the ASLR protection\n mechanism by guessing a location at the end of a PMD.\n\n - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel\n through did not properly maintain the semantics of rename_lock, which\n allowed local users to cause a denial of service (deadlock and system\n hang) via a crafted application.\n\n - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c\n in the Linux kernel used an improper paravirt_enabled setting for KVM\n guest kernels, which made it easier for guest OS users to bypass the\n ASLR protection mechanism via a crafted application that reads a 16-bit\n value.\n\n Following bugs were fixed:\n - powerpc/pci: Fix IO space breakage after of_pci_range_to_resource()\n change (bnc#922542).\n\n - cifs: fix use-after-free bug in find_writable_file (bnc#909477).\n\n - usb: Do not allow usb_alloc_streams on unconfigured devices (bsc#920581).\n\n - fuse: honour max_read and max_write in direct_io mode (bnc#918954).\n\n - switch iov_iter_get_pages() to passing maximal number of pages\n (bnc#918954).\n\n - bcache: fix a livelock in btree lock v2 (bnc#910440) (bnc#910440).\n Updated because another version went upstream\n\n - drm/i915: Initialise userptr mmu_notifier serial to 1 (bnc#918970).\n\n - NFS: Don't try to reclaim delegation open state if recovery failed\n (boo#909634).\n - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are\n revoked (boo#909634).\n - NFSv4: Fix races between nfs_remove_bad_delegation() and delegation\n return (boo#909634).\n - NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired\n (boo#909634).\n - Fixing lease renewal (boo#909634).\n\n - bcache: Fix a bug when detaching (bsc#908582).\n\n - fix a leak in bch_cached_dev_run() (bnc#910440).\n - bcache: unregister reboot notifier when bcache fails to register a block\n device (bnc#910440).\n - bcache: fix a livelock in btree lock (bnc#910440).\n - bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing\n device (bnc#910440).\n - bcache: Add a cond_resched() call to gc (bnc#910440).\n\n - storvsc: ring buffer failures may result in I/O freeze (bnc#914175).\n\n - ALSA: seq-dummy: remove deadlock-causing events on close (boo#916608).\n - ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode\n (boo#916608).\n - ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get\n (boo#916608).\n - ALSA: hda - Fix built-in mic on Compaq Presario CQ60 (bnc#920604).\n - ALSA: hda - Fix regression of HD-audio controller fallback modes\n (bsc#921313).\n\n - [media] sound: Update au0828 quirks table (boo#916608).\n - [media] sound: simplify au0828 quirk table (boo#916608).\n\n - ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam C210\n (boo#916608).\n - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC (boo#916608).\n - ALSA: usb-audio: Add ctrl message delay quirk for Marantz/Denon devices\n (boo#916608).\n - ALSA: usb-audio: Fix memory leak in FTU quirk (boo#916608).\n - ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect\n (boo#916608).\n\n - ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda (boo#916608).\n - ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for IDT/STAC\n codecs (boo#916608).\n - ALSA: hda/realtek - New codec support for ALC298 (boo#916608).\n - ALSA: hda/realtek - New codec support for ALC256 (boo#916608).\n - ALSA: hda/realtek - Add new Dell desktop for ALC3234 headset mode\n (boo#916608).\n - ALSA: hda - Add EAPD fixup for ASUS Z99He laptop (boo#916608).\n - ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210\n (boo#916608).\n - ALSA: hda/realtek - Add headset Mic support for new Dell machine\n (boo#916608).\n - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (boo#916608).\n - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH (boo#916608).\n - ALSA: hda - add codec ID for Braswell display audio codec (boo#916608).\n - ALSA: hda - add PCI IDs for Intel Braswell (boo#916608).\n - ALSA: hda - Add dock support for Thinkpad T440 (17aa:2212) (boo#916608).\n\n - ALSA: hda - Set up GPIO for Toshiba Satellite S50D (bnc#915858).\n\n - rpm/kernel-binary.spec.in: Fix build if there is no *.crt file\n\n - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process\n being killed (VM Functionality bnc#910150).\n\n - Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).\n\n - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by\n mount (bsc#907988).\n\n - Btrfs: fix scrub race leading to use-after-free (bnc#915456).\n - Btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454).\n - Btrfs: fix fsync log replay for inodes with a mix of regular refs and\n extrefs (bnc#915425).\n - Btrfs: fix fsync when extend references are added to an inode\n (bnc#915425).\n - Btrfs: fix directory inconsistency after fsync log replay (bnc#915425).\n - Btrfs: make xattr replace operations atomic (bnc#913466).\n - Btrfs: fix directory recovery from fsync log (bnc#895797).\n\n - bcache: add mutex lock for bch_is_open (bnc#908612).\n - bcache: Correct printing of btree_gc_max_duration_ms (bnc#908610).\n - bcache: fix crash with incomplete cache set (bnc#908608).\n - bcache: fix memory corruption in init error path (bnc#908606).\n - bcache: Fix more early shutdown bugs (bnc#908605).\n - bcache: fix use-after-free in btree_gc_coalesce() (bnc#908604).\n - bcache: Fix an infinite loop in journal replay (bnc#908603).\n - bcache: fix typo in bch_bkey_equal_header (bnc#908598).\n - bcache: Make sure to pass GFP_WAIT to mempool_alloc() (bnc#908596).\n - bcache: fix crash on shutdown in passthrough mode (bnc#908594).\n - bcache: fix lockdep warnings on shutdown (bnc#908593).\n - bcache allocator: send discards with correct size (bnc#908592).\n - bcache: Fix to remove the rcu_sched stalls (bnc#908589).\n - bcache: Fix a journal replay bug (bnc#908588).\n\n - Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The nct6683 driver\n is already enabled on i386 and history suggests that it not being\n enabled on x86_64 is by mistake.\n\n - rpm/kernel-binary.spec.in: Own the modules directory in the devel\n package (bnc#910322)\n\n - Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"\n (bnc#900811).\n\n - mm: free compound page with correct order (bnc#913695).\n\n - drm/i915: More cautious with pch fifo underruns (boo#907039).\n\n - Refresh patches.arch/arm64-0039-generic-pci.patch (fix PCI bridge\n support)\n\n - x86/microcode/intel: Fish out the stashed microcode for the BSP\n (bsc#903589).\n - x86, microcode: Reload microcode on resume (bsc#903589).\n - x86, microcode: Don't initialize microcode code on paravirt (bsc#903589).\n - x86, microcode, intel: Drop unused parameter (bsc#903589).\n - x86, microcode, AMD: Do not use smp_processor_id() in preemtible context\n (bsc#903589).\n - x86, microcode: Update BSPs microcode on resume (bsc#903589).\n - x86, microcode, AMD: Fix ucode patch stashing on 32-bit (bsc#903589).\n - x86, microcode: Fix accessing dis_ucode_ldr on 32-bit (bsc#903589).\n - x86, microcode, AMD: Fix early ucode loading on 32-bit (bsc#903589).\n\n - Bluetooth: Add support for Broadcom BCM20702A0 variants firmware\n download (bnc#911311).\n\n - drm/radeon: fix sad_count check for dce3 (bnc#911356).\n\n - drm/i915: Don't call intel_prepare_page_flip() multiple times\n on gen2-4 (bnc#911835).\n\n - udf: Check component length before reading it.\n - udf: Check path length when reading symlink.\n - udf: Verify symlink size before loading it.\n - udf: Verify i_size when loading inode.\n\n - arm64: Enable DRM\n\n - arm64: Enable generic PHB driver (bnc#912061).\n\n - ACPI / video: Add some Samsung models to disable_native_backlight list\n (boo#905681).\n\n - asus-nb-wmi: Add another wapf=4 quirk (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550VB (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550CC (boo#911438).\n - asus-nb-wmi: Constify asus_quirks DMI table (boo#911438).\n - asus-nb-wmi: Add wapf4 quirk for the X550CL (boo#911438).\n - asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438).\n - asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA (boo#911438).\n - WAPF 4 for ASUSTeK COMPUTER INC. X75VBP WLAN ON (boo#911438).\n\n - Input: synaptics - gate forcepad support by DMI check (bnc#911578).\n\n - ext4: introduce aging to extent status tree (bnc#893428).\n - ext4: cleanup flag definitions for extent status tree (bnc#893428).\n - ext4: limit number of scanned extents in status tree shrinker\n (bnc#893428).\n - ext4: move handling of list of shrinkable inodes into extent status code\n (bnc#893428).\n - ext4: change LRU to round-robin in extent status tree shrinker\n (bnc#893428).\n - ext4: cache extent hole in extent status tree for ext4_da_map_blocks()\n (bnc#893428).\n - ext4: fix block reservation for bigalloc filesystems (bnc#893428).\n - ext4: track extent status tree shrinker delay statictics (bnc#893428).\n - ext4: improve extents status tree trace point (bnc#893428).\n\n - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft\n packages (bnc#901925)\n\n - rpm/kernel-binary.spec.in: Fix including the secure boot cert in\n /etc/uefi/certs\n\n - doc/README.SUSE: update Solid Driver team contacts\n\n - rpm/kernel-binary.spec.in: Do not sign firmware files (bnc#867199)\n\n - Port module signing changes from SLE11-SP3 (fate#314508)\n\n - doc/README.PATCH-POLICY.SUSE: add patch policy / best practices document\n after installation.\n\n", "edition": 1, "modified": "2015-04-13T14:04:48", "published": "2015-04-13T14:04:48", "id": "OPENSUSE-SU-2015:0713-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00008.html", "title": "Security update for Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "android": [{"lastseen": "2020-06-22T14:42:12", "bulletinFamily": "software", "cvelist": ["CVE-2014-9529"], "description": "Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.", "edition": 1, "modified": "2019-07-29T00:00:00", "published": "2016-09-01T00:00:00", "id": "ANDROID:CVE-2014-9529", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2014-9529.html", "title": "CVE-2014-9529", "type": "android", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T13:21:09", "bulletinFamily": "software", "cvelist": ["CVE-2015-3636"], "description": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.", "edition": 2, "modified": "2019-07-29T00:00:00", "published": "2015-09-01T00:00:00", "id": "ANDROID:CVE-2015-3636", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2015-3636.html", "title": "CVE-2015-3636", "type": "android", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2516-1", "href": "https://ubuntu.com/security/notices/USN-2516-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:44:25", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated \nregression in the use of the virtual counter (CNTVCT) on arm64 architectures. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-02-28T00:00:00", "published": "2015-02-28T00:00:00", "id": "USN-2516-2", "href": "https://ubuntu.com/security/notices/USN-2516-2", "title": "Linux kernel vulnerability regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:33:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated \nregression in the use of the virtual counter (CNTVCT) on arm64 architectures. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-03-04T00:00:00", "published": "2015-03-04T00:00:00", "id": "USN-2515-2", "href": "https://ubuntu.com/security/notices/USN-2515-2", "title": "Linux kernel (Trusty HWE) vulnerabilities regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:37:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in \nUSN-2516-2 was incomplete. There was an unrelated regression in the use of \nthe virtual counter (CNTVCT) on arm64 architectures.\n\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nA flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-03-04T00:00:00", "published": "2015-03-04T00:00:00", "id": "USN-2516-3", "href": "https://ubuntu.com/security/notices/USN-2516-3", "title": "Linux kernel vulnerabilities regression", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:43:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9420", "CVE-2014-8160", "CVE-2014-8989", "CVE-2014-8559", "CVE-2015-0239", "CVE-2014-9584", "CVE-2014-9683", "CVE-2014-9428", "CVE-2014-8133", "CVE-2014-9419", "CVE-2014-9585"], "description": "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of \nthe SYSTENTER instruction when the guest OS does not initialize the \nSYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of \nservice of the guest OS (crash) or potentially gain privileges on the guest \nOS. (CVE-2015-0239)\n\nAndy Lutomirski discovered an information leak in the Linux kernel's Thread \nLocal Storage (TLS) implementation allowing users to bypass the espfix to \nobtain information that could be used to bypass the Address Space Layout \nRandomization (ASLR) protection mechanism. A local user could exploit this \nflaw to obtain potentially sensitive information from kernel memory. \n(CVE-2014-8133)\n\nA restriction bypass was discovered in iptables when conntrack rules are \nspecified and the conntrack protocol handler module is not loaded into the \nLinux kernel. This flaw can cause the firewall rules on the system to be \nbypassed when conntrack rules are used. (CVE-2014-8160)\n\nA flaw was discovered with file renaming in the linux kernel. A local user \ncould exploit this flaw to cause a denial of service (deadlock and system \nhang). (CVE-2014-8559)\n\nA flaw was discovered in how supplemental group memberships are handled in \ncertain namespace scenarios. A local user could exploit this flaw to bypass \nfile permission restrictions. (CVE-2014-8989)\n\nA flaw was discovered in how Thread Local Storage (TLS) is handled by the \ntask switching function in the Linux kernel for x86_64 based machines. A \nlocal user could exploit this flaw to bypass the Address Space Layout \nRadomization (ASLR) protection mechanism. (CVE-2014-9419)\n\nPrasad J Pandit reported a flaw in the rock_continue function of the Linux \nkernel's ISO 9660 CDROM file system. A local user could exploit this flaw \nto cause a denial of service (system crash or hang). (CVE-2014-9420)\n\nA flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced \nMeshing Protocol in the Linux kernel. A remote attacker could exploit this \nflaw to cause a denial of service (mesh-node system crash) via fragmented \npackets. (CVE-2014-9428)\n\nA race condition was discovered in the Linux kernel's key ring. A local \nuser could cause a denial of service (memory corruption or panic) or \npossibly have unspecified impact via the keyctl commands. (CVE-2014-9529)\n\nA memory leak was discovered in the ISO 9660 CDROM file system when parsing \nrock ridge ER records. A local user could exploit this flaw to obtain \nsensitive information from kernel memory via a crafted iso9660 image. \n(CVE-2014-9584)\n\nA flaw was discovered in the Address Space Layout Randomization (ASLR) of \nthe Virtual Dynamically linked Shared Objects (vDSO) location. This flaw \nmakes it easier for a local user to bypass the ASLR protection mechanism. \n(CVE-2014-9585)\n\nDmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file \nname decoding. A local unprivileged user could exploit this flaw to cause a \ndenial of service (system crash) or potentially gain administrative \nprivileges. (CVE-2014-9683)", "edition": 5, "modified": "2015-02-26T00:00:00", "published": "2015-02-26T00:00:00", "id": "USN-2515-1", "href": "https://ubuntu.com/security/notices/USN-2515-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3339", "CVE-2014-8989", "CVE-2015-0239", "CVE-2015-3636", "CVE-2014-9585"], "description": "kernel-uek\r\n[3.8.13-98]\r\n- KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502729] {CVE-2015-0239} {CVE-2015-0239}\r\n- fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502159] {CVE-2015-3339}\r\n \n[3.8.13-97]\r\n- add ql2400, ql2500 firmware versions to prerequisites (Dan Duval) [Orabug: 21474929] \r\n- correct QLogic firmware dependencies in the spec file (Dan Duval) [Orabug: 21474929]\r\n \n[3.8.13-96]\r\n- xen-blkfront: don't add indirect page to list when !feature_persistent (Bob Liu) [Orabug: 21459266]\r\n \n[3.8.13-95]\r\n- add firmware dependencies to spec files (Dan Duval) [Orabug: 21417522]\r\n \n[3.8.13-94]\r\n- ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444784] {CVE-2015-2922}\r\n- ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. Miller) [Orabug: 21444685] {CVE-2015-3636}\r\n \n[3.8.13-93]\r\n- config: sync up config files to make build clean (Guangyu Sun) [Orabug: 21425838] \r\n- acpi: fix typo in drivers/acpi/osl.c (Guangyu Sun) [Orabug: 21418329]\r\n \n[3.8.13-92]\r\n- Revert 'i40e: Add support for getlink, setlink ndo ops' (Brian Maly) [Orabug: 21314906] \r\n- x86: Do not try to sync identity map for non-mapped pages (Dave Hansen) [Orabug: 21326516]\r\n \n[3.8.13-91]\r\n- rds: re-entry of rds_ib_xmit/rds_iw_xmit (Wengang Wang) [Orabug: 21324074] \r\n- drm/mgag200: Reject non-character-cell-aligned mode widths (Adam Jackson) [Orabug: 20868823] \r\n- drm/mgag200: fix typo causing bw limits to be ignored on some chips (Dave Airlie) [Orabug: 20868823] \r\n- drm/mgag200: remove unused driver_private access (David Herrmann) [Orabug: 20868823] \r\n- drm/mgag200: Invalidate page tables when pinning a BO (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: Fix LUT programming for 16bpp (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: Fix framebuffer pitch calculation (Takashi Iwai) [Orabug: 20868823] \r\n- drm/mgag200: Add sysfs support for connectors (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: Add an crtc_disable callback to the crtc helper funcs (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: Fix logic in mgag200_bo_pin() (v2) (Egbert Eich) [Orabug: 20868823] \r\n- drm/mgag200: inline reservations (Maarten Lankhorst) [Orabug: 20868823] \r\n- drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (Maarten Lankhorst) [Orabug: 20868823] \r\n- drm/mgag200: Added resolution and bandwidth limits for various G200e products. (Julia Lemire) [Orabug: 20868823] \r\n- drm/mgag200: Reject modes that are too big for VRAM (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Don't do full cleanup if mgag200_device_init fails (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Hardware cursor support (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Add missing write to index before accessing data register (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Fix framebuffer base address programming (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Convert counter delays to jiffies (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Fix writes into MGA1064_PIX_CLK_CTL register (Christopher Harvey) [Orabug: 20868823] \r\n- drm/mgag200: Don't change unrelated registers during modeset (Christopher Harvey) [Orabug: 20868823] \r\n- Revert 'lpfc: Fix for lun discovery issue with 8Gig adapter.' (Guru Anbalagane) [Orabug: 21304962]\r\n \n[3.8.13-90]\r\n- x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308309] {CVE-2015-2830}\r\n- Update patched for lpfc from 10.6.61.0 to 10.6.61.1 for UEK R3 U6 release. (Dick Kennedy) \r\n- lpfc: Change buffer pool empty message to miscellaneous category (Dick Kennedy) \r\n- lpfc: Fix incorrect log message reported for empty FCF record. (Dick Kennedy) \r\n- lpfc: Fix rport leak. (Dick Kennedy) \r\n- lpfc: Correct loss of RSCNs during array takeaway/giveback testing. (Dick Kennedy) \r\n- lpfc: Fix crash in vport_delete. (Dick Kennedy) \r\n- lpfc: Fix to remove IRQF_SHARED flag for MSI/MSI-X vectors. (Dick Kennedy) \r\n- lpfc: Fix discovery issue when changing from Pt2Pt to Fabric. (Dick Kennedy) \r\n- lpfc: Correct reporting of vport state on fdisc command failure. (Dick Kennedy) \r\n- lpfc: Add support for RDP ELS command. (Dick Kennedy) \r\n- lpfc: Fix ABORTs WQ selection in terminate_rport_io (Dick Kennedy) \r\n- lpfc: Correct reference counting of rport (Dick Kennedy) \r\n- lpfc: Add support for ELS LCB. (Dick Kennedy) \r\n- lpfc: Correct loss of target discovery after cable swap. (Dick Kennedy) \r\n- dtrace: sigaltstack is no longer a stub syscall (Kris Van Hees) [Orabug: 21304183] \r\n- hpsa: add in new offline mode (Don Brace) [Orabug: 21289871] \r\n- hpsa: add in new controllers (Don Brace) [Orabug: 21289871] \r\n- hpsa: hpsa decode sense data for io and tmf (Don Brace) [Orabug: 21289871] \r\n- hpsa: enable bus mastering during init (Don Brace) [Orabug: 21289871] \r\n- hpsa: enhance kdump (Don Brace) [Orabug: 21289871] \r\n- hpsa: enhance error checking. (Don Brace) [Orabug: 21289871] \r\n- hpsa: enhance driver output (Don Brace) [Orabug: 21289871] \r\n- hpsa: update pci device table (Don Brace) [Orabug: 21289871] \r\n- vmw_pvscsi: Fix pvscsi_abort() function. (Arvind Kumar) [Orabug: 21266080] \r\n- qla2xxx: Update driver version to 8.07.00.18.39.0-k. (Sawan Chandak) [Orabug: 21241070] \r\n- qla2xxx: Restore physical port WWPN only, when port down detected for FA-WWPN port. (Sawan Chandak) [Orabug: 21241070] \r\n- qla2xxx: Fix virtual port configuration, when switch port is disabled/enabled. (Sawan Chandak) [Orabug: 21241070] \r\n- qla2xxx: Prevent multiple firmware dump collection for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Disable Interrupt handshake for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Add debugging info for MBX timeout. (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Add serdes read/write support for ISP27XX (Andrew Vasquez) [Orabug: 21241070] \r\n- qla2xxx: Add udev notification to save fw dump for ISP27XX (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Add message for sucessful FW dump collected for ISP27XX. (Himanshu Madhani) [Orabug: 21241070] \r\n- qla2xxx: Add support to load firmware from file for ISP 26XX/27XX. (Sawan Chandak) [Orabug: 21241070] \r\n- qla2xxx: Fix beacon blink for ISP27XX. (Nigel Kirkland) [Orabug: 21241070] \r\n- qla2xxx: Increase the wait time for firmware to be ready for P3P. (Chad Dupuis) [Orabug: 21241070] \r\n- qla2xxx: Fix printks in ql_log message (Yannick Guerrini) [Orabug: 21241070] \r\n- qla2xxx: Fix printk in qla25xx_setup_mode (Yannick Guerrini) [Orabug: 21241070] \r\n- bnx2i: update to 2.11.2.0 (Vaughan Cao) [Orabug: 21241055] \r\n- bnx2fc: update to 2.9.3 (Vaughan Cao) [Orabug: 21241055] \r\n- bnx2x: update to 1.712.33 (Vaughan Cao) [Orabug: 21241055] \r\n- cnic: update to 2.5.20h (Vaughan Cao) [Orabug: 21241055] \r\n- bnx2: update to 2.2.5o (Vaughan Cao) [Orabug: 21241055] \r\n- md: use SRCU to improve performance (Mikulas Patocka) [Orabug: 18231164] \r\n- kvm: raise KVM_SOFT_MAX_VCPUS to support more vcpus (Dan Duval) [Orabug: 21144488] \r\n- vsock: Make transport the proto owner (Andy King) [Orabug: 21266075] \r\n- VSOCK: Move af_vsock.h and vsock_addr.h to include/net (Asias He) [Orabug: 21266075]\r\n \n[3.8.13-89]\r\n- drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (Bob Liu) \r\n- xen/block: add multi-page ring support (Bob Liu) \r\n- driver: xen-blkfront: move talk_to_blkback to a more suitable place (Bob Liu) \r\n- drivers: xen-blkback: delay pending_req allocation to connect_ring (Bob Liu) \r\n- xen/grant: introduce func gnttab_unmap_refs_sync() (Bob Liu) \r\n- xen/blkback: safely unmap purge persistent grants (Bob Liu) \r\n- xenbus_client: Extend interface to support multi-page ring (Wei Liu) \r\n- be2net: update the driver version to 10.6.0.2 (Sathya Perla) [Orabug: 21275400] \r\n- be2net: update copyright year to 2015 (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: use be_virtfn() instead of !be_physfn() (Kalesh AP) [Orabug: 21275400] \r\n- be2net: simplify UFI compatibility checking (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: post full RXQ on interface enable (Suresh Reddy) [Orabug: 21275400] \r\n- be2net: check for INSUFFICIENT_VLANS error (Kalesh AP) [Orabug: 21275400] \r\n- be2net: receive pkts with L3, L4 errors on VFs (Somnath Kotur) [Orabug: 21275400] \r\n- be2net: log link status (Ivan Vecera) [Orabug: 21275400] \r\n- be2net: Fix a bug in Rx buffer posting (Ajit Khaparde) [Orabug: 21275400] \r\n- be2net: bump up the driver version to 10.6.0.1 (Sathya Perla) [Orabug: 21275400] \r\n- be2net: use PCI MMIO read instead of config read for errors (Suresh Reddy) [Orabug: 21275400] \r\n- be2net: restrict MODIFY_EQ_DELAY cmd to a max of 8 EQs (Suresh Reddy) [Orabug: 21275400] \r\n- be2net: Prevent VFs from enabling VLAN promiscuous mode (Vasundhara Volam) [Orabug: 21275400] \r\n- ethernet: codespell comment spelling fixes (Joe Perches) [Orabug: 21275400] \r\n- be2net: avoid creating the non-RSS default RXQ if FW allows to (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: use a wrapper to schedule and cancel error detection task (Sathya Perla) [Orabug: 21275400] \r\n- be2net: shorten AMAP_GET/SET_BITS() macro calls (Sathya Perla) [Orabug: 21275400] \r\n- be2net: MODULE_DEVICE_TABLE: fix some callsites (Andrew Morton) [Orabug: 21275400] \r\n- be2net: avoid unncessary swapping of fields in eth_tx_wrb (Sathya Perla) [Orabug: 21275400] \r\n- be2net: process port misconfig async event (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: refactor be_set_rx_mode() and be_vid_config() for readability (Sathya Perla) [Orabug: 21275400] \r\n- be2net: remove duplicate code in be_cmd_rx_filter() (Sathya Perla) [Orabug: 21275400] \r\n- be2net: use offset based FW flashing for Skyhawk chip (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: refactor code that checks flash file compatibility (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: replace (1 << x) with BIT(x) (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: move un-exported routines from be.h to respective src files (Sathya Perla) [Orabug: 21275400] \r\n- bridge: add flags argument to ndo_bridge_setlink and ndo_bridge_dellink (Roopa Prabhu) [Orabug: 21275400] \r\n- be2net: move definitions related to FW cmdsfrom be_hw.h to be_cmds.h (Vasundhara Volam) [Orabug: 21275400] \r\n- be2net: issue function reset cmd in resume path (Kalesh AP) [Orabug: 21275400] \r\n- be2net: add a log message for POST timeout in Lancer (Kalesh AP) [Orabug: 21275400] \r\n- be2net: fix failure case in setting flow control (Kalesh AP) [Orabug: 21275400] \r\n- be2net: move interface create code to a separate routine (Kalesh AP) [Orabug: 21275400] \r\n- VMCI: Guard against overflow in queue pair allocation (Jorgen Hansen) [Orabug: 21266077] \r\n- VMCI: Check userland-provided datagram size (Andy King) [Orabug: 21266077] \r\n- VMCI: Fix two UVA mapping bugs (Jorgen Hansen) [Orabug: 21266077] \r\n- VMCI: integer overflow in vmci_datagram_dispatch() (Dan Carpenter) [Orabug: 21266077] \r\n- VMCI: fix error handling path when registering guest driver (Dmitry Torokhov) [Orabug: 21266077] \r\n- VMCI: Add support for virtual IOMMU (Andy King) [Orabug: 21266077] \r\n- VMCI: Remove non-blocking/pinned queuepair support (Andy King) [Orabug: 21266077]\r\n \n[3.8.13-88]\r\n- Oracle Linux Kernel Module Signing Key (Alexey Petrenko) [Orabug: 21249387] \r\n- extrakeys.pub is not needed for the build (Alexey Petrenko) [Orabug: 21249387] \r\n- Fix kabi break due to find_special_page was introduced (Bob Liu) [Orabug: 21250018] \r\n- xen/gntdev: provide find_special_page VMA operation (David Vrabel) [Orabug: 21250018] \r\n- xen/gntdev: mark userspace PTEs as special on x86 PV guests (David Vrabel) [Orabug: 21250018] \r\n- xen-blkback: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018] \r\n- xen/gntdev: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018] \r\n- xen/gntdev: convert priv->lock to a mutex (David Vrabel) [Orabug: 21250018] \r\n- xen/grant-table: add a mechanism to safely unmap pages that are in use (Jennifer Herbert) [Orabug: 21250018] \r\n- xen-netback: use foreign page information from the pages themselves (Jennifer Herbert) [Orabug: 21250018] \r\n- xen: mark grant mapped pages as foreign (Jennifer Herbert) [Orabug: 21250018] \r\n- xen/grant-table: add helpers for allocating pages (David Vrabel) [Orabug: 21250018] \r\n- x86/xen: require ballooned pages for grant maps (Jennifer Herbert) [Orabug: 21250018] \r\n- xen: remove scratch frames for ballooned pages and m2p override (David Vrabel) [Orabug: 21250018] \r\n- xen/grant-table: pre-populate kernel unmap ops for xen_gnttab_unmap_refs() (David Vrabel) [Orabug: 21250018] \r\n- mm: add 'foreign' alias for the 'pinned' page flag (Jennifer Herbert) [Orabug: 21250018] \r\n- mm: provide a find_special_page vma operation (David Vrabel) [Orabug: 21250018] \r\n- NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (Tariq Saeed) [Orabug: 20933419] \r\n- swiotlb: don't assume PA 0 is invalid (Jan Beulich) [Orabug: 21249144]\r\n \n[3.8.13-87]\r\n- qla4xxx: Update driver version to v5.04.00.07.06.02-uek3 (Nilesh Javali) [Orabug: 21241091] \r\n- qla4xxx: check the return value of dma_alloc_coherent() (Maurizio Lombardi) [Orabug: 21241091] \r\n- scsi: qla4xxx: ql4_mbx.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091] \r\n- scsi: qla4xxx: ql4_os.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091] \r\n- qla4xxx: fix get_host_stats error propagation (Mike Christie) [Orabug: 21241091] \r\n- scsi_ibft: Fix finding Broadcom specific ibft sign (Vikas Chaudhary) [Orabug: 21241091] \r\n- dtrace: convert from sdt_instr_t to asm_instr_t (Kris Van Hees) [Orabug: 21267945] \r\n- dtrace: percpu: move from __get_cpu_var() to this_cpu_ptr() (Kris Van Hees) [Orabug: 21265599] \r\n- dtrace: do not vmalloc/vfree from probe context (Kris Van Hees) [Orabug: 21267934] \r\n- dtrace: restructuring for multi-arch support (Kris Van Hees) [Orabug: 21267922] \r\n- kallsyms: fix /proc/kallmodsyms to not be misled by const variables (Nick Alcock) [Orabug: 21257170] \r\n- storvsc: force discovery of LUNs that may have been removed. (K. Y. Srinivasan) [Orabug: 20768211] \r\n- storvsc: in responce to a scan event, scan the host (K. Y. Srinivasan) [Orabug: 20768211] \r\n- builds: configs: Enable mgs driver for OL7 (Santosh Shilimkar) [Orabug: 20505584] \r\n- aacraid: driver version change (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: AIF raw device remove support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: performance improvement changes (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: IOCTL fix (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: IOP RESET command handling changes (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: 240 simple volume support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: vpd page code 0x83 support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: MSI-x support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: 4KB sector support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: IOCTL pass-through command fix (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: AIF support for SES device add/remove (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- scsi: use 64-bit LUNs (Hannes Reinecke) [Orabug: 21208741] \r\n- remove deprecated IRQF_DISABLED from SCSI (Michael Opdenacker) [Orabug: 21208741] \r\n- aacraid: kdump fix (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- drivers: avoid parsing names as kthread_run() format strings (Kees Cook) [Orabug: 21208741] \r\n- aacraid: Fix for arrays are going offline in the system. System hangs (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: Dual firmware image support (Mahesh Rajashekhara) [Orabug: 21208741] \r\n- aacraid: suppress two GCC warnings (Paul Bolle) [Orabug: 21208741] \r\n- aacraid: 1024 max outstanding command support for Series 7 and above (Mahesh Rajashekhara) [Orabug: 21208741]\r\n \n[3.8.13-86]\r\n- kallsyms: fix /proc/kallmodsyms to not be misled by external symbols (Nick Alcock) [Orabug: 21245508] \r\n- wait: change waitfd() to use wait4(), not waitid(); reduce invasiveness (Nick Alcock) [Orabug: 21245391] \r\n- ixgbevf: upgrade to version 2.16.1 (Brian Maly) [Orabug: 21104474] \r\n- ipv6: don't call addrconf_dst_alloc again when enable lo (Gao feng) [Orabug: 21088702] \r\n- efi/xen: Pass missing argument to EFI runtime Xen hypercall (Daniel Kiper) [Orabug: 21247143]\r\n \n[3.8.13-85]\r\n- fanotify: fix notification of groups with inode & mount marks (Jan Kara) [Orabug: 21168905] \r\n- NVMe: Fix VPD B0 max sectors translation (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Add translation for block limits (Keith Busch) [Orabug: 21117187] \r\n- nvme: Fix PRP list calculation for non-4k system page size (Murali Iyer) [Orabug: 21117187] \r\n- NVMe: Fix potential corruption on sync commands (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Fix potential corruption during shutdown (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Initialize device list head before starting (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Asynchronous controller probe (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Register management handle under nvme class (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Update SCSI Inquiry VPD 83h translation (Keith Busch) [Orabug: 21117187] \r\n- NVMe: Update data structures for NVMe 1.2 (Matthew Wilcox) [Orabug: 21117187] \r\n- NVMe: Update namespace and controller identify structures to the 1.1a spec (Dimitri John Ledkov) [Orabug: 21117187] \r\n- NVMe: Update module version (Keith Busch) [Orabug: 21117187] \r\n- fnic: Override the limitation on number of scsi timeouts (Narsimhulu Musini) [Orabug: 21084835] \r\n- fnic: IOMMU Fault occurs when IO and abort IO is out of order (Anil Chintalapati (achintal)) [Orabug: 21084835] \r\n- Fnic: Fnic Driver crashed with NULL pointer reference (Hiral Shah) [Orabug: 21084835] \r\n- Fnic: For Standalone C series, 'sending VLAN request' message seen even if the link is down (Hiral Shah) [Orabug: 21084835] \r\n- Fnic: Improper resue of exchange Ids (Hiral Shah) [Orabug: 21084835] \r\n- Fnic: Memcopy only mimumum of data or trace buffer (Hiral Shah) [Orabug: 21084835] \r\n- Fnic: Not probing all the vNICS via fnic_probe on boot (Hiral Shah) [Orabug: 21084835] \r\n- fnic: assign FIP_ALL_FCF_MACS to fcoe_all_fcfs (Hiral Shah) [Orabug: 21084835] \r\n- uek-rpm: ol6: update build environment to 6.6 (Guangyu Sun)\r\n \n[3.8.13-84]\r\n- x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226722] {CVE-2014-9585}\r\n \n[3.8.13-83]\r\n- snic: fix format string overflow (Brian Maly) [Orabug: 21091759] \r\n- scsi: add snic driver to makefile (Brian Maly) [Orabug: 21091759] \r\n- snic: enable snic in kernel configs (Brian Maly) [Orabug: 21091759] \r\n- snic: minor checkpatch fixes (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add Makefile, patch Kconfig, MAINTAINERS (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add event tracing to capture IO events. (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add sysfs entries to list stats and trace data (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add low level queuing interfaces (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: add SCSI handling, AEN, and fwreset handling (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add snic target discovery (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add meta request, handling of meta requests. (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: Add interrupt, resource firmware interfaces (Narsimhulu Musini) [Orabug: 21091759] \r\n- snic: snic module infrastructure (Narsimhulu Musini) [Orabug: 21091759] \r\n- xen/mmu: Move the setting of pvops.write_cr3 to later phase in bootup. (Konrad Rzeszutek Wilk) [Orabug: 21197204] \r\n- x86-64, xen, mmu: Provide an early version of write_cr3. (Konrad Rzeszutek Wilk) [Orabug: 21197204] \r\n- uek-rpm: build: Use SHA512 instead of SHA256 for module signing (Natalya Naumova) [Orabug: 20687425] \r\n- config: ol6: make CONFIG_SERIAL_8250_NR_UARTS 64 (Guangyu Sun) [Orabug: 21141039] \r\n- config: enable CONFIG_INTEL_TXT (Guangyu Sun) [Orabug: 21176777] \r\n- export host-only net/core and net/ipv4 parameters to a container as read-only (Thomas Tanaka) [Orabug: 21151210] \r\n- Revert 'i40e: Add FW check to disable DCB and wrap autoneg workaround with FW check' (Brian Maly) [Orabug: 21103806] \r\n- xen-netfront: print correct number of queues (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: release per-queue Tx and Rx resource when disconnecting (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: fix locking in connect error path (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: call netif_carrier_off() only once when disconnecting (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: don't nest queue locks in xennet_connect() (David Vrabel) [Orabug: 21150627] \r\n- xen-net{back, front}: Document multi-queue feature in netif.h (Andrew J. Bennieston) [Orabug: 21150627] \r\n- xen-netfront: recreate queues correctly when reconnecting (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: fix oops when disconnected from backend (David Vrabel) [Orabug: 21150627] \r\n- xen-netfront: initialise queue name in xennet_init_queue (Wei Liu) [Orabug: 21150627] \r\n- xen-netfront: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627] \r\n- xen-netfront: Factor queue-specific data into queue struct. (Andrew J. Bennieston) [Orabug: 21150627] \r\n- xen-netback: bookkeep number of active queues in our own module (Wei Liu) [Orabug: 21150627] \r\n- net: xen-netback: include linux/vmalloc.h again (Arnd Bergmann) [Orabug: 21150627] \r\n- xen-netback: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627] \r\n- xen-netback: Factor queue-specific data into queue struct (Wei Liu) [Orabug: 21150627] \r\n- xen-netback: Move grant_copy_op array back into struct xenvif. (Andrew J. Bennieston) [Orabug: 21150627] \r\n- ixgbe: Look up MAC address in Open Firmware or IDPROM (Martin K Petersen) [Orabug: 20983421] \r\n- ixgbe: update to ver 4.0.3 (Ethan Zhao) [Orabug: 20983421]\r\n \n[3.8.13-82]\r\n- config: enable some secure boot features for ol7 (Guangyu Sun) [Orabug: 18961720] \r\n- efi: Disable secure boot if shim is in insecure mode (Josh Boyer) [Orabug: 18961720] \r\n- hibernate: Disable in a signed modules environment (Josh Boyer) [Orabug: 18961720] \r\n- efi: Add EFI_SECURE_BOOT bit (Josh Boyer) [Orabug: 18961720] \r\n- Add option to automatically set securelevel when in Secure Boot mode (Matthew Garrett) [Orabug: 18961720] \r\n- asus-wmi: Restrict debugfs interface when securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- x86: Restrict MSR access when securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- uswsusp: Disable when securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- kexec: Disable at runtime if securelevel has been set. (Matthew Garrett) [Orabug: 18961720] \r\n- acpi: Ignore acpi_rsdp kernel parameter when securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- acpi: Limit access to custom_method if securelevel is set (Matthew Garrett) [Orabug: 18961720] \r\n- Restrict /dev/mem and /dev/kmem when securelevel is set. (Matthew Garrett) [Orabug: 18961720] \r\n- x86: Lock down IO port access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720] \r\n- PCI: Lock down BAR access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720] \r\n- Enforce module signatures when securelevel is greater than 0 (Matthew Garrett) [Orabug: 18961720] \r\n- Add BSD-style securelevel support (Matthew Garrett) [Orabug: 18961720] \r\n- MODSIGN: Support not importing certs from db (Josh Boyer) [Orabug: 18961720] \r\n- MODSIGN: Import certificates from UEFI Secure Boot (Josh Boyer) [Orabug: 18961720] \r\n- MODSIGN: Add module certificate blacklist keyring (Josh Boyer) [Orabug: 18961720] \r\n- Add an EFI signature blob parser and key loader. (Dave Howells) [Orabug: 18961720] \r\n- Add EFI signature data types (Dave Howells) [Orabug: 18961720] \r\n- efi: fix error handling in add_sysfs_runtime_map_entry() (Dan Carpenter) [Orabug: 18961720] \r\n- PEFILE: Relax the check on the length of the PKCS#7 cert (David Howells) [Orabug: 18961720] \r\n- kexec: purgatory: add clean-up for purgatory directory (Michael Welling) [Orabug: 18961720] \r\n- x86/purgatory: use approprate -m64/-32 build flag for arch/x86/purgatory (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: remove CONFIG_KEXEC dependency on crypto (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: create a new config option CONFIG_KEXEC_FILE for new syscall (Vivek Goyal) [Orabug: 18961720] \r\n- resource: fix the case of null pointer access (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: verify the signature of signed PE bzImage (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: support kexec/kdump on EFI systems (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: support for kexec on panic using new system call (Vivek Goyal) [Orabug: 18961720] \r\n- kexec-bzImage64: support for loading bzImage using 64bit entry (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: load and relocate purgatory at kernel load time (Vivek Goyal) [Orabug: 18961720] \r\n- purgatory: core purgatory functionality (Vivek Goyal) [Orabug: 18961720] \r\n- purgatory/sha256: provide implementation of sha256 in purgaotory context (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: implementation of new syscall kexec_file_load (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: new syscall kexec_file_load() declaration (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: make kexec_segment user buffer pointer a union (Vivek Goyal) [Orabug: 18961720] \r\n- resource: provide new functions to walk through resources (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc() (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: move segment verification code in a separate function (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: rename unusebale_pages to unusable_pages (Vivek Goyal) [Orabug: 18961720] \r\n- kernel: build bin2c based on config option CONFIG_BUILD_BIN2C (Vivek Goyal) [Orabug: 18961720] \r\n- bin2c: move bin2c in scripts/basic (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: remove unnecessary return (Xishi Qiu) [Orabug: 18961720] \r\n- keys: remove duplicated loads of ksplice certificate (Guangyu Sun) [Orabug: 21034277] \r\n- X.509: Support parse long form of length octets in Authority Key Identifier (Chun-Yi Lee) [Orabug: 18961720] \r\n- KEYS: Pre-clear struct key on allocation (David Howells) [Orabug: 18961720] \r\n- KEYS: Fix searching of nested keyrings (David Howells) [Orabug: 18961720] \r\n- KEYS: Fix multiple key add into associative array (David Howells) [Orabug: 18961720] \r\n- KEYS: Fix the keyring hash function (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Fix the parser cleanup to drain parsed out X.509 certs (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Provide a single place to do signed info block freeing (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Add a missing static (David Howells) [Orabug: 18961720] \r\n- X.509: Need to export x509_request_asymmetric_key() (David Howells) [Orabug: 18961720] \r\n- PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Use x509_request_asymmetric_key() (David Howells) [Orabug: 18961720] \r\n- X.509: x509_request_asymmetric_keys() doesn't need string length arguments (David Howells) [Orabug: 18961720] \r\n- PKCS#7: fix sparse non static symbol warning (Wei Yongjun) [Orabug: 18961720] \r\n- PKCS#7: Missing inclusion of linux/err.h (David Howells) [Orabug: 18961720] \r\n- ima: define '.ima' as a builtin 'trusted' keyring (Mimi Zohar) [Orabug: 18961720] \r\n- KEYS: validate certificate trust only with builtin keys (Dmitry Kasatkin) [Orabug: 18961720] \r\n- KEYS: validate certificate trust only with selected key (Dmitry Kasatkin) [Orabug: 18961720] \r\n- KEYS: verify a certificate is signed by a 'trusted' key (Mimi Zohar) [Orabug: 18961720] \r\n- KEYS: make partial key id matching as a dedicated function (Dmitry Kasatkin) [Orabug: 18961720] \r\n- KEYS: Reinstate EPERM for a key type name beginning with a '.' (David Howells) [Orabug: 18961720] \r\n- KEYS: special dot prefixed keyring name bug fix (Mimi Zohar) [Orabug: 18961720] \r\n- pefile: Validate PKCS#7 trust chain (David Howells) [Orabug: 18961720] \r\n- pefile: Digest the PE binary and compare to the PKCS#7 data (David Howells) [Orabug: 18961720] \r\n- pefile: Handle pesign using the wrong OID (Vivek Goyal) [Orabug: 18961720] \r\n- pefile: Parse the 'Microsoft individual code signing' data blob (David Howells) [Orabug: 18961720] \r\n- pefile: Parse the presumed PKCS#7 content of the certificate blob (David Howells) [Orabug: 18961720] \r\n- pefile: Strip the wrapper off of the cert data block (David Howells) [Orabug: 18961720] \r\n- pefile: Parse a PE binary to find a key and a signature contained therein (David Howells) [Orabug: 18961720] \r\n- Provide PE binary definitions (David Howells) [Orabug: 18961720] \r\n- KEYS: X.509: Fix a spelling mistake (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Provide a key type for testing PKCS#7 (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Find intersection between PKCS#7 message and known, trusted keys (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Verify internal certificate chain (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Find the right key in the PKCS#7 key list and verify the signature (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Digest the data in a signed-data message (David Howells) [Orabug: 18961720] \r\n- PKCS#7: Implement a parser [RFC 2315] (David Howells) [Orabug: 18961720] \r\n- X.509: Export certificate parse and free functions (David Howells) [Orabug: 18961720] \r\n- X.509: Add bits needed for PKCS#7 (David Howells) [Orabug: 18961720] \r\n- x86/efi: Support initrd loaded above 4G (Yinghai Lu) [Orabug: 18961720] \r\n- x86, boot: Do not include boot.h in string.c (Vivek Goyal) [Orabug: 18961720] \r\n- x86, boot: Move memcmp() into string.h and string.c (Vivek Goyal) [Orabug: 18961720] \r\n- x86, boot: Create a separate string.h file to provide standard string functions (Vivek Goyal) [Orabug: 18961720] \r\n- kexec: add sysctl to disable kexec_load (Kees Cook) [Orabug: 18961720] \r\n- x86: Add xloadflags bit for EFI runtime support on kexec (Dave Young) [Orabug: 18961720] \r\n- x86/efi: Pass necessary EFI data for kexec via setup_data (Dave Young) [Orabug: 18961720] \r\n- efi: Export EFI runtime memory mapping to sysfs (Dave Young) [Orabug: 18961720] \r\n- efi: Export more EFI table variables to sysfs (Dave Young) [Orabug: 18961720] \r\n- x86/efi: Cleanup efi_enter_virtual_mode() function (Dave Young) [Orabug: 18961720] \r\n- x86/efi: Fix off-by-one bug in EFI Boot Services reservation (Dave Young) [Orabug: 18961720] \r\n- x86/efi: Add a wrapper function efi_map_region_fixed() (Dave Young) [Orabug: 18961720] \r\n- keys: change asymmetric keys to use common hash definitions (Dmitry Kasatkin) [Orabug: 18961720] \r\n- crypto: provide single place for hash algo information (Dmitry Kasatkin) [Orabug: 18961720] \r\n- KEYS: fix error return code in big_key_instantiate() (Wei Yongjun) [Orabug: 18961720] \r\n- KEYS: Fix keyring quota misaccounting on key replacement and unlink (David Howells) [Orabug: 18961720] \r\n- KEYS: Fix a race between negating a key and reading the error set (David Howells) [Orabug: 18961720] \r\n- KEYS: Make BIG_KEYS boolean (Josh Boyer) [Orabug: 18961720] \r\n- X.509: remove possible code fragility: enumeration values not handled (Antonio Alecrim Jr) [Orabug: 18961720] \r\n- X.509: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720] \r\n- MPILIB: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720] \r", "edition": 72, "modified": "2015-07-30T00:00:00", "published": "2015-07-30T00:00:00", "id": "ELSA-2015-3064", "href": "http://linux.oracle.com/errata/ELSA-2015-3064.html", "title": "Unbreakable Enterprise kernel security , bug fix and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}]}
