Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.
{"ubuntucve": [{"lastseen": "2022-02-17T11:35:28", "description": "mwifiex_cmd_802_11_ad_hoc_start in\ndrivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n5.10.4 might allow remote attackers to execute arbitrary code via a long\nSSID value, aka CID-5c455c5ab332.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-05T00:00:00", "type": "ubuntucve", "title": "CVE-2020-36158", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-01-05T00:00:00", "id": "UB:CVE-2020-36158", "href": "https://ubuntu.com/security/CVE-2020-36158", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T18:00:39", "description": "mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-05T05:15:00", "type": "cve", "title": "CVE-2020-36158", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-03-09T21:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:linux:linux_kernel:5.10.4"], "id": "CVE-2020-36158", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36158", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.10.4:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:57", "description": "kernel-uek\n[3.8.13-118.54.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349209] {CVE-2020-36158}", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-02-09T00:00:00", "id": "ELSA-2021-9041", "href": "http://linux.oracle.com/errata/ELSA-2021-9041.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:58", "description": "kernel-uek\n[3.8.13-118.54.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349209] {CVE-2020-36158}", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36158"], "modified": "2021-02-09T00:00:00", "id": "ELSA-2021-9040", "href": "http://linux.oracle.com/errata/ELSA-2021-9040.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:52", "description": "[2.6.39-400.330.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349211] {CVE-2020-36158}\n[2.6.39-400.329.1]\n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176268] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176268] {CVE-2020-28915}\n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187752] {CVE-2020-28974}\n- vt: sort out locking for font handling (Alan Cox) [Orabug: 32187752] {CVE-2020-28974}", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.7, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28915", "CVE-2020-28974", "CVE-2020-36158"], "modified": "2021-02-09T00:00:00", "id": "ELSA-2021-9043", "href": "http://linux.oracle.com/errata/ELSA-2021-9043.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:43", "description": "[4.14.35-2025.405.3]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426280]\n[4.14.35-2025.405.2]\n- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350995]\n[4.14.35-2025.405.1]\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372162] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378208] \n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 32382641] \n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 31785275] \n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 31785275] \n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 31785275] \n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 31785275] \n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245085] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040] {CVE-2020-28374}\n[4.14.35-2025.405.0]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251913] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337718] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349207] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355210]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9035", "href": "http://linux.oracle.com/errata/ELSA-2021-9035.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:36", "description": "[4.14.35-2025.405.3.el7]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:\n 32426280]\n[4.14.35-2025.405.2.el7]\n- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug:\n 32350995]\n[4.14.35-2025.405.1.el7]\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372162]\n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378208]\n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 32382641]\n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 31785275]\n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 31785275]\n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 31785275]\n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 31785275]\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245085]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040] {CVE-2020-28374}\n[4.14.35-2025.405.0.el7]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251913]\n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266681] {CVE-2020-29660}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337718]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349207] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355210]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9039", "href": "http://linux.oracle.com/errata/ELSA-2021-9039.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:00", "description": "[5.4.17-2036.103.3.el7]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:\n 32426610]\n[5.4.17-2036.103.2.el7]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824]\n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158]\n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061]\n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974]\n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.103.1.el7]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812]\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]\n[5.4.17-2036.103.0.el7]\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715]\n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484]\n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484]\n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484]\n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484]\n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484]\n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484]\n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484]\n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484]\n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484]\n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484]\n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484]\n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484]\n- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484]\n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484]\n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484]\n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484]\n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136]\n- Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229]\n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229]\n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034]\n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034]\n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034]\n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034]\n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034]\n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034]\n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034]\n- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034]\n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034]\n- iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034]\n- Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034]\n- Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034]\n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9038", "href": "http://linux.oracle.com/errata/ELSA-2021-9038.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:35", "description": "[4.1.12-124.47.3]\n- sysctl: handle overflow in proc_get_long (Christian Brauner) [Orabug: 31588015]\n[4.1.12-124.47.2]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350932] {CVE-2020-12653}\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 31435700] \n- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (Takashi Iwai) [Orabug: 32240688] {CVE-2020-27786}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32247942] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251907] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266682] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266682] {CVE-2020-29660}\n- tty: core: Use correct spinlock flavor in tiocspgrp() (Peter Hurley) [Orabug: 32266682] {CVE-2020-29660}\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349208] {CVE-2020-36158}\n[4.1.12-124.47.1]\n- target: fix XCOPY NAA identifier lookup (Mike Christie) [Orabug: 32374139] {CVE-2020-28374}", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-03T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12653", "CVE-2020-27786", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2021-02-03T00:00:00", "id": "ELSA-2021-9030", "href": "http://linux.oracle.com/errata/ELSA-2021-9030.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:59", "description": "[5.4.17-2036.103.3]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610]\n[5.4.17-2036.103.2]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824] \n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158] \n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32378206] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974] \n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.103.1]\n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812] \n- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]\n[5.4.17-2036.103.0]\n- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484] \n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484] \n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484] \n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484] \n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484] \n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484] \n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484] \n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484] \n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484] \n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484] \n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484] \n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484] \n- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484] \n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484] \n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484] \n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484] \n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136] \n- Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229] \n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229] \n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034] \n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034] \n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034] \n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034] \n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034] \n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034] \n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034] \n- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034] \n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034] \n- iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034] \n- Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034] \n- Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-08T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "modified": "2021-02-08T00:00:00", "id": "ELSA-2021-9037", "href": "http://linux.oracle.com/errata/ELSA-2021-9037.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:58", "description": "[4.14.35-2047.500.9.1]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930}\n- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n[4.14.35-2047.500.9]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426612] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 31175013] \n- net/rds: Incorrect RDS protocol version fall back (Ka-Cheong Poon) [Orabug: 32376163] \n- net/rds: Missing RDS/RDMA private data in response to connection request (Ka-Cheong Poon) [Orabug: 32388407]\n[4.14.35-2047.500.8]\n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341032] \n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372161] \n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380826] \n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245078] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350976] \n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 32368440] \n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 32368440] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248037] {CVE-2020-28374}\n[4.14.35-2047.500.7]\n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32047319] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260255] {CVE-2020-29569}\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337717] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349205] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355208]\n[4.14.35-2047.500.6]\n- net/rds: Only yield with a valid 'i_connecting_ts' timestamp (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Only increment rdma_resolve_route timeout on error (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont block workqueues 'cma_wq' and 'cm.wq' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont drop neighbor loopback connection (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Take the GID offset into account for IB devices (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Leave the neighbor cache alone (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Give each connection its own workqueue (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Disassociate ic and cm_id before rdma_destroy_id (Gerd Rausch) [Orabug: 31030774] \n- Revert 'rds: ib: Implement proper cm_id compare' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Add a rdma_cm watchdog timer (Gerd Rausch) [Orabug: 31030774] \n- Revert 'RDS: IB: fix panic with handlers running post teardown' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Release all resources allocated by 'rds_ib_setup_qp' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Change the 'rds_aux_wq' workqueue to loose order (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont sleep inside worker threads (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Fix a few race conditions (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Execute 'rdma_destroy_id' in the background (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Delay reconnects from passive side by 3 seconds (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Drop connections when peers perform failover (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Yield to incoming connection requests (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Remove stale comments about random backoff (Gerd Rausch) [Orabug: 31030774]\n[4.14.35-2047.500.5]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251912] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n[4.14.35-2047.500.4]\n- bnxt_en: Release PCI regions when DMA mask setup fails during probe. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_board() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_one() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: Fix counter overflow logic. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: read EEPROM A2h address using page 0 (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Re-write PCI BARs after PCI fatal error. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Set driver default message level. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Enable online self tests for multi-host/NPAR mode. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Eliminate unnecessary RX resets. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Reduce unnecessary message log during RX errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Add a software counter for RX ring reset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Implement RX ring reset in response to buffer errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_init_one_rx_ring(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_free_rx_skbs(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.68. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Improve preset max value for ethtool -l. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Handle ethernet link being disabled by firmware. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: add basic infrastructure to support PAM4 link speeds (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor bnxt_get_fw_speed() (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor code to limit speed advertising (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.65. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix wrong flag value passed to HWRM_PORT_QSTATS_EXT fw call. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix HWRM_FUNC_QSTATS_EXT firmware call. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Return -EOPNOTSUPP for ETHTOOL_GREGS on VFs. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: return proper error codes in bnxt_show_temp (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Setup default RSS map in all scenarios. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: init RSS table for Minimal-Static VF reservation (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: fix HWRM error when querying VF temperature (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Fix ethtool -S statitics with XDP or TCs enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Dont query FW when netif_running() is false. (Pavan Chebbi) [Orabug: 32223677] \n- bnxt_en: Add support for 'ethtool -d' (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Switch over to use the 64-bit software accumulated counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Accumulate all counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware masks for port counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware counter masks from firmware if available. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Allocate additional memory for all statistics blocks. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor statistics code and structures. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Use macros to define port statistics size and offset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface to 1.10.1.54. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Remove PCIe non-counters from ethtool statistics (Vasundhara Volam) [Orabug: 32223677] \n- net: bnxt: don't complain if TC flower can't be supported (Jakub Kicinski) [Orabug: 32223677] \n- bnxt_en: Fix completion ring sizing with TPA enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Init ethtool link settings after reading updated PHY configuration. (Vasundhara Volam) [Orabug: 32223677] \n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233354] {CVE-2020-14351}\n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32201608] \n- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32201608] \n- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan Mottahedeh) [Orabug: 32201608] \n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201608] \n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32201608] \n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32201608] \n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32201608] \n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32201608] \n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32201608] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210458] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32219015] \n- qla2xxx: Add missing module version banner (John Donnelly) [Orabug: 32244934] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: A small correction in _base_process_reply_queue (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Fix sync irqs (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Detect tampered Aero and Sea adapters (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Dont call disable_irq from IRQ poll handler (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32223781] \n- scsi: mpt3sas: Remove superfluous memset() (Li Heng) [Orabug: 32223781] \n- scsi: mpt3sas: Update driver version to 35.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Postprocessing of target and LUN reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Rename and export interrupt mask/unmask functions (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Cancel the running work during host reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Dump system registers for debugging (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Fix kdoc comments format (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix set but unused variable (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix error returns in BRM_status_show (Johannes Thumshirn) [Orabug: 32223781] \n- scsi: mpt3sas: Fix unlock imbalance (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix spelling mistake (Flavio Suligoi) [Orabug: 32223781]\n[4.14.35-2047.500.3]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32173883] \n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32173883] \n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32177802] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32213922] \n- qla2xxx: back port upstream patch (Quinn Tran) [Orabug: 32213922] \n- scsi: scsi_transport_fc: Add FPIN fc event codes (James Smart) [Orabug: 32213922] \n- scsi: scsi_transport_fc: refactor event posting routines (James Smart) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (Quinn Tran) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Check if FW supports MQ before enabling (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce noisy debug message (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush I/O on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush all sessions on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: remove incorrect sparse #ifdef (Linus Torvalds) [Orabug: 32213922] \n- scsi: qla2xxx: Return EBUSY on fcport deletion (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (Tom Rix) [Orabug: 32213922] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32213922] \n- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix crash on session cleanup with unload (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Correct the check for sscanf() return value (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32213922] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Remove unneeded variable 'rval' (Jason Yan) [Orabug: 32213922] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Remove redundant variable initialization (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (Christophe JAILLET) [Orabug: 32213922] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32213922] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32213922] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32213922] \n- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (Enzo Matsumiya) [Orabug: 32213922] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize 'n' before using it (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32213922] \n- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (James Smart) [Orabug: 32213922] \n- scsi: fc: add FPIN ELS definition (James Smart) [Orabug: 32213922] \n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- ACPI: NFIT: Add runtime firmware activate support (Dan Williams) [Orabug: 32224144] \n- PM, libnvdimm: Add runtime firmware activation support (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Convert to DEVICE_ATTR_ADMIN_RO() (Dan Williams) [Orabug: 32224144] \n- driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Emulate firmware activation commands (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Prepare nfit_ctl_test() for ND_CMD_CALL emulation (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Add command debug messages (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Cleanup dimm index passing (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Define runtime firmware activation commands (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Move bus_dsm_mask out of generic nvdimm_bus_descriptor (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Validate command family indices (Dan Williams) [Orabug: 32224144] \n- PM: hibernate: Incorporate concurrency handling (Domenico Andreoli) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_bus_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm/of_pmem: Provide a unique name for bus provider (Aneesh Kumar K.V) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_mapping_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_region_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_numa_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_device_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move region attribute group definition (Dan Williams) [Orabug: 32224144] \n- libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move attribute groups to device type (Dan Williams) [Orabug: 32224144] \n- acpi/nfit: improve bounds checking for 'func' (Dan Carpenter) [Orabug: 32224144] \n- ACPI/nfit: delete the function to_acpi_nfit_desc (Xiaochun Lee) [Orabug: 32224144]\n[4.14.35-2047.500.2]\n- lockdown: make lockdown mode available in securityfs (Alan Maguire) [Orabug: 32176137] \n- uek-rpm: Dont build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176895] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177989] \n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32195765] \n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32195765] \n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32195765] \n- rds: fix out-of-tree build broken by tracepoints (Alan Maguire) [Orabug: 32185345] \n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177547]\n[4.14.35-2047.500.1]\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin( )) [Orabug: 32131174] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131174] {CVE-2020-25704}\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136897] \n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139243] \n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32047440] \n- platform/x86: ISST: Add new PCI device ids (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional TRL MSRs (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 32047440] \n- platform/x86: ISST: Restore state on resume (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mmio interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Store per CPU information (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add common API to register and handle ioctls (Srinivas Pandruvada) [Orabug: 32047440]\n[4.14.35-2046]\n- lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131560] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138009] \n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152281] \n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152143] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152143] \n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 30848187] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakx (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32080078] \n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32080078] \n- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32080078] \n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32080078] \n- Linux 4.14.206 (Greg Kroah-Hartman) \n- powercap: restrict energy meter to root access (Len Brown) \n- Linux 4.14.205 (Greg Kroah-Hartman) [Orabug: 32041544] \n- arm64: dts: marvell: espressobin: add ethernet alias (Tomasz Maciej Nowak) \n- PM: runtime: Resume the device earlier in __device_release_driver() (Rafael J. Wysocki) \n- Revert 'ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE' (Vineet Gupta) \n- ARC: stack unwinding: avoid indefinite looping (Vineet Gupta) \n- usb: mtu3: fix panic in mtu3_gadget_stop() (Macpaul Lin) \n- USB: Add NO_LPM quirk for Kingston flash drive (Alan Stern) \n- USB: serial: option: add Telit FN980 composition 0x1055 (Daniele Palmas) \n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (Daniele Palmas) \n- USB: serial: option: add Quectel EC200T module support (Ziyi Cao) \n- USB: serial: cyberjack: fix write-URB completion race (Johan Hovold) \n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (Qinglang Miao) \n- serial: 8250_mtk: Fix uart_get_baud_rate warning (Claire Chang) \n- fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (Eddy Wu) \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) \n- ACPI: NFIT: Fix comparison to '-ENXIO' (Zhang Qilong) \n- drm/vc4: drv: Add error handding for bind (Hoegeun Kwon) \n- vsock: use ns_capable_noaudit() on socket create (Jeff Vander Stoep) \n- scsi: core: Dont start concurrent async scan on same host (Ming Lei) \n- blk-cgroup: Pre-allocate tree node on blkg_conf_prep (Gabriel Krisman Bertazi) \n- blk-cgroup: Fix memleak on error path (Gabriel Krisman Bertazi) \n- of: Fix reserved-memory overlap detection (Vincent Whitchurch) \n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (Kairui Song) \n- ARM: dts: sun4i-a10: fix cpu_alert temperature (Clement Peron) \n- futex: Handle transient 'ownerless' rtmutex state correctly (Mike Galbraith) \n- tracing: Fix out of bounds write in get_trace_buf (Qiujun Huang) \n- ftrace: Handle tracing when switching between context (Steven Rostedt (VMware)) \n- ftrace: Fix recursion check for NMI test (Steven Rostedt (VMware)) \n- gfs2: Wake up when sd_glock_disposal becomes zero (Alexander Aring) \n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (Jason Gunthorpe) \n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (Zqiang) \n- lib/crc32test: remove extra local_irq_disable/enable (Vasily Gorbik) \n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (Geoffrey D. Bennett) \n- Fonts: Replace discarded const qualifier (Lee Jones) \n- blktrace: fix debugfs use after free (Luis Chamberlain) {CVE-2019-19770}\n- Blktrace: bail out early if block debugfs is not configured (Liu Bo) \n- sfp: Fix error handing in sfp_probe() (YueHaibing) \n- sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms (Petr Malat) \n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (Daniele Palmas) \n- gianfar: Account for Tx PTP timestamp in the skb headroom (Claudiu Manoil) \n- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (Claudiu Manoil) \n- tipc: fix use-after-free in tipc_bcast_get_mode (Hoang Huu Le) \n- drm/i915: Break up error capture compression loops with cond_resched() (Chris Wilson) \n- Linux 4.14.204 (Greg Kroah-Hartman) \n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (Ian Abbott) \n- KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR (Marc Zyngier) \n- device property: Dont clear secondary pointer for shared primary firmware node (Andy Shevchenko) \n- device property: Keep secondary firmware node secondary by type (Andy Shevchenko) \n- ARM: s3c24xx: fix missing system reset (Krzysztof Kozlowski) \n- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (Krzysztof Kozlowski) \n- arm: dts: mt7623: add missing pause for switchport (Frank Wunderlich) \n- hil/parisc: Disable HIL driver when it gets stuck (Helge Deller) \n- cachefiles: Handle readpage error correctly (Matthew Wilcox (Oracle)) \n- arm64: berlin: Select DW_APB_TIMER_OF (Jisheng Zhang) \n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) \n- rtc: rx8010: dont modify the global rtc ops (Bartosz Golaszewski) \n- drm/ttm: fix eviction valuable range check. (Dave Airlie) \n- ext4: fix invalid inode checksum (Luo Meng) \n- ext4: fix error handling code in add_new_gdb (Dinghao Liu) \n- ext4: fix leaking sysfs kobject after failed mount (Eric Biggers) \n- vringh: fix __vringh_iov() when riov and wiov are different (Stefano Garzarella) \n- ring-buffer: Return 0 on success from ring_buffer_resize() (Qiujun Huang) \n- 9P: Cast to loff_t before multiplying (Matthew Wilcox (Oracle)) \n- libceph: clear con->out_msg on Policy::stateful_server faults (Ilya Dryomov) \n- ceph: promote to unsigned long long before shifting (Matthew Wilcox (Oracle)) \n- drm/amdgpu: dont map BO in reserved region (Madhav Chauhan) \n- ia64: fix build error with !COREDUMP (Krzysztof Kozlowski) \n- ubi: check kthread_should_stop() after the setting of task state (Zhihao Cheng) \n- perf python scripting: Fix printable strings in python3 scripts (Jiri Olsa) \n- ubifs: dent: Fix some potential memory leaks while iterating entries (Zhihao Cheng) \n- NFSD: Add missing NFSv2 .pc_func methods (Chuck Lever) \n- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (Olga Kornievskaia) \n- powerpc/powernv/elog: Fix race while processing OPAL error log event. (Mahesh Salgaonkar) \n- powerpc: Warn about use of smt_snooze_delay (Joel Stanley) \n- powerpc/rtas: Restrict RTAS requests from userspace (Andrew Donnellan) \n- s390/stp: add locking to sysfs functions (Sven Schnelle) \n- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. (Jonathan Cameron) \n- iio:adc:ti-adc12138 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:adc:ti-adc0832 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:light:si1145: Fix timestamp alignment and prevent data leak. (Jonathan Cameron) \n- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (Paul Cercueil) \n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) \n- drm/i915: Force VTd workarounds when running as a guest OS (Chris Wilson) \n- usb: host: fsl-mph-dr-of: check return of dma_set_mask() (Ran Wang) \n- usb: cdc-acm: fix cooldown mechanism (Jerome Brunet) \n- usb: dwc3: core: dont trigger runtime pm when remove driver (Li Jun) \n- usb: dwc3: core: add phy cleanup for probe error handling (Li Jun) \n- usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (Thinh Nguyen) \n- btrfs: fix use-after-free on readahead extent after failure to create it (Filipe Manana) \n- btrfs: cleanup cow block on error (Josef Bacik) \n- btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() (Denis Efremov) \n- btrfs: send, recompute reference path after orphanization of a directory (Filipe Manana) \n- btrfs: reschedule if necessary when logging directory items (Filipe Manana) \n- scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() (Helge Deller) \n- w1: mxc_w1: Fix timeout resolution problem leading to bus error (Martin Fuzzey) \n- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (Wei Huang) \n- ACPI: debug: dont allow debugging when ACPI is disabled (Jamie Iles) \n- ACPI: video: use ACPI backlight for HP 635 Notebook (Alex Hung) \n- ACPI / extlog: Check for RDMSR failure (Ben Hutchings) \n- NFS: fix nfs_path in case of a rename retry (Ashish Sangwan) \n- fs: Dont invalidate page buffers in block_write_full_page() (Jan Kara) \n- leds: bcm6328, bcm6358: use devres LED registering function (Marek Behun) \n- perf/x86/amd/ibs: Fix raw sample data accumulation (Kim Phillips) \n- perf/x86/amd/ibs: Dont include randomized bits in get_ibs_op_count() (Kim Phillips) \n- md/raid5: fix oops during stripe resizing (Song Liu) \n- nvme-rdma: fix crash when connect rejected (Chao Leng) \n- sgl_alloc_order: fix memory leak (Douglas Gilbert) \n- nbd: make the config put is called before the notifying the waiter (Xiubo Li) \n- ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: move PMU node out of clock controller (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings (Krzysztof Kozlowski) \n- memory: emif: Remove bogus debugfs error handling (Dan Carpenter) \n- arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes (Yoshihiro Shimoda) \n- gfs2: add validation checks for size of superblock (Anant Thazhemadam) \n- ext4: Detect already used quota file early (Jan Kara) \n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (Madhuparna Bhowmik) \n- net: 9p: initialize sun_server.sun_path to have addrs value only when addr is valid (Anant Thazhemadam) \n- clk: ti: clockdomain: fix static checker warning (Tero Kristo) \n- bnxt_en: Log unknown link speed appropriately. (Michael Chan) \n- md/bitmap: md_bitmap_get_counter returns wrong blocks (Zhao Heming) \n- power: supply: test_power: add missing newlines when printing parameters by sysfs (Xiongfeng Wang) \n- bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (Diana Craciun) \n- drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values (Xie He) \n- ACPI: Add out of bounds and numa_off protections to pxm_to_node() (Jonathan Cameron) \n- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (Zhengyuan Liu) \n- uio: free uio id after uio file node is freed (Lang Dai) \n- USB: adutux: fix debugging (Oliver Neukum) \n- cpufreq: sti-cpufreq: add stih418 support (Alain Volmat) \n- kgdb: Make 'kgdbcon' work properly with 'kgdb_earlycon' (Douglas Anderson) \n- printk: reduce LOG_BUF_SHIFT range for H8300 (John Ogness) \n- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (Antonio Borneo) \n- mmc: via-sdmmc: Fix data race bug (Madhuparna Bhowmik) \n- media: tw5864: check status of tw5864_frameinterval_get (Tom Rix) \n- usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (Badhri Jagan Sridharan) \n- media: platform: Improve queue set up flow for bug fixing (Xia Jiang) \n- media: videodev2.h: RGB BT2020 and HSV are always full range (Hans Verkuil) \n- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (Nadezda Lutovinova) \n- ath10k: fix VHT NSS calculation when STBC is enabled (Sathishkumar Muruganandam) \n- ath10k: start recovery process when payload length exceeds max htc length for sdio (Wen Gong) \n- video: fbdev: pvr2fb: initialize variables (Tom Rix) \n- xfs: fix realtime bitmap/summary file truncation when growing rt volume (Darrick J. Wong) \n- ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses (Douglas Anderson) \n- um: change sigio_spinlock to a mutex (Johannes Berg) \n- f2fs: fix to check segment boundary during SIT page readahead (Chao Yu) \n- f2fs: add trace exit in exception path (Zhang Qilong) \n- sparc64: remove mm_cpumask clearing to fix kthread_use_mm race (Nicholas Piggin) \n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (Nicholas Piggin) \n- powerpc/powernv/smp: Fix spurious DBG() warning (Oliver O Halloran) \n- futex: Fix incorrect should_fail_futex() handling (Mateusz Nosek) \n- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (Amit Cohen) \n- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (Jiri Slaby) \n- fscrypt: return -EXDEV for incompatible rename or link into encrypted dir (Eric Biggers) \n- ata: sata_rcar: Fix DMA boundary mask (Geert Uytterhoeven) \n- mtd: lpddr: Fix bad logic in print_drs_error (Gustavo A. R. Silva) \n- p54: avoid accessing the data mapped to streaming DMA (Jia-Ju Bai) \n- fuse: fix page dereference after free (Miklos Szeredi) \n- x86/xen: disable Firmware First mode for correctable memory errors (Juergen Gross) \n- arch/x86/amd/ibs: Fix re-arming IBS Fetch (Kim Phillips) \n- tipc: fix memory leak caused by tipc_buf_append() (Tung Nguyen) \n- ravb: Fix bit fields checking in ravb_hwtstamp_get() (Andrew Gabbasov) \n- gtp: fix an use-before-init in gtp_newlink() (Masahiro Fujiwara) \n- efivarfs: Replace invalid slashes with exclamation marks in dentries. (Michael Schaller) \n- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (Nick Desaulniers) \n- scripts/setlocalversion: make git describe output more reliable (Rasmus Villemoes) \n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864725] {CVE-2019-19816}\n- hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32120118]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19770", "CVE-2019-19816", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-16T00:00:00", "id": "ELSA-2021-9052", "href": "http://linux.oracle.com/errata/ELSA-2021-9052.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:36", "description": "[5.4.17-2102.200.13]\n- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Simplify alu_limit masking for pointer arithmetic (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix off-by-one for area size in creating mask to left (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Prohibit alu ops for pointer types not defining ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- selftests/bpf: Test access to bpf map pointer (Andrey Ignatov) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n[5.4.17-2102.200.12]\n- Revert x86/platform/uv: Update UV MMRs for UV5 (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Add UV5 direct references (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Add and decode Arch Type in UVsystab (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update MMIOH references based on new UV5 MMRs (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Adjust GAM MMR references affected by UV5 updates (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update UV5 MMR references in UV GRU (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update node present counting (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update UV5 TSC checking (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update for UV5 NMI MMR changes (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update Copyrights to conform to HPE standards (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix missing OEM_TABLE_ID (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Remove spaces from OEM IDs (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Recognize UV5 hubless system identifier (Jack Vogel) [Orabug: 32651197] \n- Revert x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Drop last traces of uv_flush_tlb_others (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix copied UV5 output archtype (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix UV4 hub revision adjustment (Jack Vogel) [Orabug: 32651197]\n[5.4.17-2102.200.11]\n- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32620155] \n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- drm/nouveau: bail out of nouveau_channel_new if channel init fails (Frantisek Hrbata) [Orabug: 32591559] {CVE-2020-25639}\n- mm: support memblock alloc on the exact node for sparse_buffer_init() (Yunfeng Ye) [Orabug: 32613823] \n- mm/sparse.c: do not waste pre allocated memmap space (Michal Hocko) [Orabug: 32613823] \n- mm/sparse: consistently do not zero memmap (Vincent Whitchurch) [Orabug: 32613823]\n[5.4.17-2102.200.10]\n- scsi: target: core: Make completion affinity configurable (Mike Christie) [Orabug: 32403502] \n- target: flush submission work during TMR processing (Mike Christie) [Orabug: 32403502] \n- target iblock: add backend plug/unplug callouts (Mike Christie) [Orabug: 32403502] \n- target: fix backend plugging (Mike Christie) [Orabug: 32403502] \n- target: cleanup cmd flag bits (Mike Christie) [Orabug: 32403502] \n- tcm loop: use lio wq cmd submission helper (Mike Christie) [Orabug: 32403502] \n- tcm loop: use blk cmd allocator for se_cmds (Mike Christie) [Orabug: 32403502] \n- vhost scsi: use lio wq cmd submission helper (Mike Christie) [Orabug: 32403502] \n- target: add workqueue based cmd submission (Mike Christie) [Orabug: 32403502] \n- target: add gfp_t arg to target_cmd_init_cdb (Mike Christie) [Orabug: 32403502] \n- target: remove target_submit_cmd_map_sgls (Mike Christie) [Orabug: 32403502] \n- tcm_fc: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- xen-scsiback: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- vhost-scsi: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- usb gadget: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- sbp_target: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- tcm_loop: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- qla2xxx: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- ibmvscsi_tgt: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- srpt: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- target: break up target_submit_cmd_map_sgls (Mike Christie) [Orabug: 32403502] \n- target: rename transport_init_se_cmd (Mike Christie) [Orabug: 32403502] \n- target: drop kref_get_unless_zero in target_get_sess_cmd (Mike Christie) [Orabug: 32403502] \n- target: move t_task_cdb initialization (Mike Christie) [Orabug: 32403502] \n- scsi: tcm_loop: Allow queues, can_queue and cmd_per_lun to be settable (Mike Christie) [Orabug: 32403502] \n- scsi: target: Make state_list per CPU (Mike Christie) [Orabug: 32403502] \n- scsi: target: Drop sess_cmd_lock from I/O path (Mike Christie) [Orabug: 32403502] \n- scsi: qla2xxx: Move sess cmd list/lock to driver (Mike Christie) [Orabug: 32403502] \n- scsi: target: Remove TARGET_SCF_LOOKUP_LUN_FROM_TAG (Mike Christie) [Orabug: 32403502] \n- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix cmd_count ref leak (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix LUN ref count handling (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix lun lookup for TARGET_SCF_LOOKUP_LUN_FROM_TAG case (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Fix NULL pointer dereference (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Initialize LUN in transport_init_se_cmd() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Factor out a new helper, target_cmd_init_cdb() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- mm: memcontrol: decouple reference counting from page accounting (Johannes Weiner) \n- uek-rpm: add opbmc to nano-kernel (Eric Snowberg) [Orabug: 32555675] \n- rds: rds_drop_egress events should be enabled as part of RDS_RTD_SND (Alan Maguire) [Orabug: 32587016] \n- rds: use dedicated rds_send_lock_contention tracepoint instead of drop (Alan Maguire) [Orabug: 32587016] \n- rds: ensure saddr/daddr for tracepoints is not NULL (Alan Maguire) [Orabug: 32580940] \n- hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576070] \n- PCI: hotplug: Add module parameter to allow user control of LEDs (Thomas Tai) [Orabug: 32556980] \n- net/rds: increase 1MB MR pool size for RDS (Manjunath Patil) \n- block/diskstats: accumulate all per-cpu counters in one pass (Konstantin Khlebnikov) [Orabug: 32531556] \n- arm64/crash_core: fix TCR_EL1.T1SZ in vmcoreinfo (John Donnelly) [Orabug: 32559514] \n- x86/platform/uv: Fix UV4 hub revision adjustment (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Fix copied UV5 output archtype (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Drop last traces of uv_flush_tlb_others (Jiri Slaby) [Orabug: 32527680] \n- x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (Borislav Petkov) [Orabug: 32527680] \n- x86/platform/uv: Recognize UV5 hubless system identifier (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove spaces from OEM IDs (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Fix missing OEM_TABLE_ID (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update Copyrights to conform to HPE standards (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update for UV5 NMI MMR changes (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV5 TSC checking (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update node present counting (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV5 MMR references in UV GRU (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Adjust GAM MMR references affected by UV5 updates (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update MMIOH references based on new UV5 MMRs (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Add and decode Arch Type in UVsystab (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Add UV5 direct references (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV MMRs for UV5 (Mike Travis) [Orabug: 32527680] \n- drivers/misc/sgi-xp: Adjust references in UV kernel modules (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove SCIR MMR references for UV systems (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove UV BAU TLB Shootdown Handler (Mike Travis) [Orabug: 32527680] \n- x86/apic/uv: Avoid unused variable warning (Arnd Bergmann) [Orabug: 32527680] \n- x86/platform/uv: Remove vestigial mention of UV1 platform from bios header (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for uv1 platform from uv_hub (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_bau (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_mmrs (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from x2apic_uv_x (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_tlb (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_time (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove the unused _uv_cpu_blade_processor_id() macro (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Unexport uv_apicid_hibits (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove _uv_hub_info_check() (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Simplify uv_send_IPI_one() (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove the UV*_HUB_IS_SUPPORTED macros (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove the uv_partition_coherence_id() macro (Christoph Hellwig) [Orabug: 32527680] \n- x86/apic/uv: Remove code for unused distributed GRU mode (Steve Wahl) [Orabug: 32527680] \n- cper,edac,efi: Memory Error Record: bank group/address and chip id (Alex Kluver) [Orabug: 32526741] \n- edac,ghes,cper: Add Row Extension to Memory Error Record (Alex Kluver) [Orabug: 32526741] \n- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (Steve Wahl) [Orabug: 32526200] \n- perf/x86/intel/uncore: Store the logical die id instead of the physical die id. (Steve Wahl) [Orabug: 32526200] \n- perf/x86/intel/uncore: Generic support for the PCI sub driver (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (Kan Liang) [Orabug: 32526200]\n[5.4.17-2102.200.9]\n- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32563746]\n[5.4.17-2102.200.8]\n- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32522477] \n- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522086] \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522086] \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522086] \n- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522086] \n- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522086] \n- crypto: jitter - fix comments (Alexander E. Patrakov) [Orabug: 32522086] \n- Revert RDMA/umem: Move to allocate SG table from pages (John Donnelly) [Orabug: 32481224] \n- Revert lib/scatterlist: Add support in dynamic allocation of SG table from pages (John Donnelly) [Orabug: 32481224] \n- Revert Maintainer: Fix build warning introduced in commit 99b99d76e6732 (John Donnelly) [Orabug: 32481224]\n[5.4.17-2102.200.7]\n- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32504832] \n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492108] {CVE-2021-26930}\n- xen-scsiback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- xen-netback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- xen-blkback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n[5.4.17-2102.200.6]\n- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492276] \n- rds: tracepoints incorrectly reporting valid rds ping as drop (Alan Maguire) [Orabug: 32490004] \n- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32488537] \n- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353873] \n- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm/hotplug: Register boot memory hot remove notifier earlier (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353873] \n- rds: tracepoint-related KASAN: use-after-free Read in rds_send_xmit (Alan Maguire) [Orabug: 32490030] \n- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32422895] \n- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32485133] \n- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32485133] \n- vdpa/mlx5: allow Jumbo MTU config other than standard sized MTU (Si-Wei Liu) [Orabug: 32480078] \n- vdpa/mlx5: should exclude header length and fcs from mtu (Si-Wei Liu) [Orabug: 32480078] \n- vdpa/mlx5: Fix memory key MTT population (Eli Cohen) [Orabug: 32480078] \n- vdpa: Use simpler version of ida allocation (Parav Pandit) [Orabug: 32480078] \n- vdpa: Add missing comment for virtqueue count (Parav Pandit) [Orabug: 32480078] \n- vdpa/mlx5: Use write memory barrier after updating CQ index (Eli Cohen) [Orabug: 32480078] \n- vdpa: remove unnecessary default n in Kconfig entries (Stefano Garzarella) [Orabug: 32480078] \n- vhost_vdpa: switch to vmemdup_user() (Tian Tao) [Orabug: 32480078] \n- vhost_vdpa: return -EFAULT if copy_to_user() fails (Dan Carpenter) [Orabug: 32480078] \n- vdpa: mlx5: fix vdpa/vhost dependencies (Randy Dunlap) [Orabug: 32480078] \n- vdpa/mlx5: Setup driver only if VIRTIO_CONFIG_S_DRIVER_OK (Eli Cohen) [Orabug: 32480078] \n- vdpa/mlx5: Fix failure to bring link up (Eli Cohen) [Orabug: 32480078] \n- vdpa/mlx5: Make use of a specific 16 bit endianness API (Eli Cohen) [Orabug: 32480078] \n- vdpasim: fix mac_pton undefined error (Laurent Vivier) [Orabug: 32480078] \n- vdpasim: allow to assign a MAC address (Laurent Vivier) [Orabug: 32480078] \n- vdpasim: fix MAC address configuration (Laurent Vivier) [Orabug: 32480078] \n- vdpa: handle irq bypass register failure case (Zhu Lingshan) [Orabug: 32480078] \n- vdpa_sim: Fix DMA mask (Laurent Vivier) [Orabug: 32480078] \n- vdpa/mlx5: Fix error return in map_direct_mr() (Jing Xiangfeng) [Orabug: 32480078] \n- vhost_vdpa: Return -EFAULT if copy_from_user() fails (Dan Carpenter) [Orabug: 32480078] \n- vdpa_sim: implement get_iova_range() (Jason Wang) [Orabug: 32480078] \n- vhost: vdpa: report iova range (Jason Wang) [Orabug: 32480078] \n- vdpa: introduce config op to get valid iova range (Jason Wang) [Orabug: 32480078] \n- vhost_vdpa: remove unnecessary spin_lock in vhost_vring_call (Zhu Lingshan) [Orabug: 32480078] \n- vhost_vdpa: Fix duplicate included kernel.h (Tian Tao) [Orabug: 32480078] \n- rds: CONFIG_RDS_DEBUG + tracepoints breaks rds build (Alan Maguire) [Orabug: 32442487] \n- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422450] \n- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422450]\n[5.4.17-2102.200.5]\n- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471659] \n- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32454711] \n- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447284] {CVE-2021-3348}\n- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422661] \n- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422661] \n- rds: avoid crash on IB conn path shutdown prepare (Alan Maguire) [Orabug: 32466763] \n- mm/memcontrol: Increase threshold for draining per-cpu stocked bytes (Imran Khan) [Orabug: 32314559]\n[5.4.17-2102.200.4]\n- Revert rds: Deregister all FRWR mr with free_mr (aru kolappan) [Orabug: 32426609] \n- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424704] \n- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424704] \n- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424704] \n- KVM: x86: Expose AVX512_FP16 for supported CPUID (Cathy Zhang) [Orabug: 32424461] \n- x86/kvm: Expose TSX Suspend Load Tracking feature (Cathy Zhang) [Orabug: 32424461] \n- x86: Expose SERIALIZE for supported cpuid (Paolo Bonzini) [Orabug: 32424461] \n- KVM: x86: Expose fast short REP MOV for supported cpuid (Zhenyu Wang) [Orabug: 32424461] \n- KVM: x86: Expose AVX512 VP2INTERSECT in cpuid for TGL (Zhenyu Wang) [Orabug: 32424461] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32424461] \n- x86: Enumerate AVX512 FP16 CPUID feature flag (Kyung Min Park) [Orabug: 32424461] \n- EDAC/i10nm: Add Intel Sapphire Rapids server support (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC/i10nm: Use readl() to access MMIO registers (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC: Add DDR5 new memory type (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC: Add three new memory types (Qiuxu Zhuo) [Orabug: 32424461] \n- x86/cpufeatures: Enumerate ENQCMD and ENQCMDS instructions (Fenghua Yu) [Orabug: 32424461] \n- x86/cpufeatures: Enumerate TSX suspend load address tracking instructions (Kyung Min Park) [Orabug: 32424461] \n- x86/cpufeatures: Add enumeration for SERIALIZE instruction (Ricardo Neri) [Orabug: 32424461] \n- x86/split_lock: Enable the split lock feature on Sapphire Rapids and Alder Lake CPUs (Fenghua Yu) [Orabug: 32424461] \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32424461] \n- x86/cpufeatures: Add Architectural LBRs feature bit (Kan Liang) [Orabug: 32424461] \n- powercap: intel_rapl: add support for Sapphire Rapids (Zhang Rui) [Orabug: 32424461] \n- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32424461] \n- EDAC, {skx,i10nm}: Use CPU stepping macro to pass configurations (Qiuxu Zhuo) [Orabug: 32424461] \n- x86/cpu: Add a X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS() macro (Borislav Petkov) [Orabug: 32424461] \n- powercap/intel_rapl: Convert to new X86 CPU match macros (Thomas Gleixner) [Orabug: 32424461] \n- powercap/intel_rapl: add support for TigerLake Mobile (Zhang Rui) [Orabug: 32424461] \n- powercap/intel_rapl: add support for JasperLake (Zhang Rui) [Orabug: 32424461] \n- x86/cpufeatures: Add support for fast short REP; MOVSB (Tony Luck) [Orabug: 32424461] \n- powercap/intel_rapl: add support for Cometlake desktop (Zhang Rui) [Orabug: 32424461] \n- powercap/intel_rapl: add support for CometLake Mobile (Zhang Rui) [Orabug: 32424461] \n- crypto: lib/chacha20poly1305 - define empty module exit function (Jason A. Donenfeld) [Orabug: 32417868] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881]\n[5.4.17-2102.200.3]\n- x86/msr: Add a pointer to an URL which contains further details (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Downgrade unrecognized MSR message (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Do not allow writes to MSR_IA32_ENERGY_PERF_BIAS (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Filter MSR writes (Borislav Petkov) [Orabug: 32402424] \n- tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- tools/power/turbostat: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- tools/power/cpupower: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32401797]\n[5.4.17-2102.200.2]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] \n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380065] \n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372529] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372157] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341061] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32346794] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Correct the check for sscanf() return value (Saurav Kashyap) [Orabug: 32346794] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32346794] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32346794] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Remove unneeded variable rval (Jason Yan) [Orabug: 32346794] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32346794] \n- scsi: qla2xxx: Fix the size used in a dma_free_coherent() call (Christophe JAILLET) [Orabug: 32346794] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32346794] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32346794] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32346794] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Initialize n before using it (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32346794] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32374281] {CVE-2020-28374}\n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] \n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32351789]\n[5.4.17-2102.200.1]\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32361529] \n- selftests/net: remove rds.h from rds_echo.c (John Donnelly) [Orabug: 32351408] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349202] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355205]\n[5.4.17-2102.200.0]\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337714] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32316504] \n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32316504] \n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32316504] \n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32316504] \n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32316504] \n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32316504] \n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32316504] \n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32316504] \n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32316504] \n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32316504] \n- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32316504] \n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32316504] \n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32316504] \n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32316504] \n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302135] \n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260251] {CVE-2020-29569}\n- Revert cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 32295228] \n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295228] \n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290042] \n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290042] \n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290042] \n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290042] \n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290042] \n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290042] \n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290042] \n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290042] \n- iommu/arm-smmu-v3: Dont reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290042] \n- Revert BACKPORT: perf: Add Arm CMN-600 DT binding (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: Add ARM DMC-620 PMU driver. (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (Dave Kleikamp) [Orabug: 32290042] \n- Revert Perf: arm-cmn: Allow irq to be shared. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_cmn: improve and make it work on 2P. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dsu: Allow IRQ to be shared among devices. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dsu: Support ACPI mode. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dmc620: Update ACPI ID. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Dave Kleikamp) [Orabug: 32290042] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Add will_handle callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n[5.4.17-2051]\n- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233513] {CVE-2020-14381}\n- uek-rpm: Add nvme-tcp and nvme-rdma to ol7 and ol8 nano kernels (Alan Adamson) [Orabug: 32230382] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218857] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210420] \n- uek-rpm: enable VDPA subsystem and drivers (Si-Wei Liu) [Orabug: 32121107] \n- vdpa/mlx5: Fix dependency on MLX5_CORE (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: should keep avail_index despite device status (Si-Wei Liu) [Orabug: 32121107] \n- vdpa/mlx5: Avoid warnings about shifts on 32-bit platforms (Nathan Chancellor) [Orabug: 32121107] \n- vdpa/mlx5: fix up endian-ness for mtu (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa/mlx5: Fix pointer math in mlx5_vdpa_get_config() (Dan Carpenter) [Orabug: 32121107] \n- vdpa/mlx5: fix memory allocation failure checks (Colin Ian King) [Orabug: 32121107] \n- vdpa/mlx5: Fix uninitialised variable in core/mr.c (Alex Dewar) [Orabug: 32121107] \n- vdpa/mlx5: Add VDPA driver for supported mlx5 devices (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add shared memory registration code (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add support library for mlx5 VDPA implementation (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add hardware descriptive header file (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Add interface changes required for VDPA (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Expose vDPA emulation device capabilities (Yishai Hadas) [Orabug: 32121107] \n- net/mlx5: Add Virtio Emulation related device capabilities (Yishai Hadas) [Orabug: 32121107] \n- net/mlx5: Add VDPA interface type to supported enumerations (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Support setting access rights of dma addresses (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Provide simplified command interfaces (Leon Romanovsky) [Orabug: 32121107] \n- vhost-vdpa: fix page pinning leakage in error path (rework) (Si-Wei Liu) [Orabug: 32121107] \n- vhost-vdpa: fix vhost_vdpa_map() on error condition (Si-Wei Liu) [Orabug: 32121107] \n- vhost: Dont call log_access_ok() when using IOTLB (Greg Kurz) [Orabug: 32121107] \n- vhost vdpa: fix vhost_vdpa_open error handling (Mike Christie) [Orabug: 32121107] \n- vhost-vdpa: fix backend feature ioctls (Jason Wang) [Orabug: 32121107] \n- vhost: Fix documentation (Eli Cohen) [Orabug: 32121107] \n- vhost-iotlb: fix vhost_iotlb_itree_next() documentation (Stefano Garzarella) [Orabug: 32121107] \n- vdpa: Fix pointer math bug in vdpasim_get_config() (Dan Carpenter) [Orabug: 32121107] \n- vdpa_sim: init iommu lock (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: Modify get_vq_state() to return error code (Eli Cohen) [Orabug: 32121107] \n- net/vdpa: Use struct for set/get vq state (Eli Cohen) [Orabug: 32121107] \n- vdpa: remove hard coded virtq num (Max Gurtovoy) [Orabug: 32121107] \n- vdpasim: support batch updating (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: support IOTLB batching hints (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: support get/set backend features (Jason Wang) [Orabug: 32121107] \n- vhost: generialize backend features setting/getting (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: refine ioctl pre-processing (Jason Wang) [Orabug: 32121107] \n- vDPA: dont change vq irq after DRIVER_OK (Zhu Lingshan) [Orabug: 32121107] \n- irqbypass: do not start cons/prod when failed connect (Zhu Lingshan) [Orabug: 32121107] \n- vhost_vdpa: implement IRQ offloading in vhost_vdpa (Zhu Lingshan) [Orabug: 32121107] \n- vDPA: add get_vq_irq() in vdpa_config_ops (Zhu Lingshan) [Orabug: 32121107] \n- kvm: detect assigned device via irqbypass manager (Zhu Lingshan) [Orabug: 32121107] \n- vhost: introduce vhost_vring_call (Zhu Lingshan) [Orabug: 32121107] \n- vdpasim: protect concurrent access to iommu iotlb (Max Gurtovoy) [Orabug: 32121107] \n- vhost: vdpa: remove per device feature whitelist (Jason Wang) [Orabug: 32121107] \n- virtio_net: use LE accessors for speed/duplex (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio-iommu: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- drm/virtio: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_pmem: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_crypto: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_fs: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_input: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_balloon: use LE config space accesses (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: rewrite LE accessors without _Generic (Si-Wei Liu) [Orabug: 32121107] \n- virtio_config: fix up warnings on parisc (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: add virtio_cread_le_feature (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_caif: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: LE config space accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: cread/write cleanup (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa_sim: fix endian-ness of config space (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_vdpa: legacy features handling (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost/vdpa: switch to new helpers (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: make sure set_features is invoked for legacy (Michael S. Tsirkin) [Orabug: 32121107] \n- mlxbf-tmfifo: sparse tags for config access (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_scsi: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_pmem: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_net: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_input: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_gpu: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_fs: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_crypto: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_console: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_blk: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_balloon: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_9p: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio: allow __virtioXX, __leXX in config space (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_ring: sparse warning fixup (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio: VIRTIO_F_IOMMU_PLATFORM -> VIRTIO_F_ACCESS_PLATFORM (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost_vdpa: Fix potential underflow in vhost_vdpa_mmap() (Dan Carpenter) [Orabug: 32121107] \n- vdpa: fix typos in the comments for __vdpa_alloc_device() (Jason Wang) [Orabug: 32121107] \n- vhost_vdpa: Support config interrupt in vdpa (Zhu Lingshan) [Orabug: 32121107] \n- vdpasim: Fix some coccinelle warnings (Samuel Zou) [Orabug: 32121107] \n- vhost_vdpa: disable doorbell mapping for !MMU (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost_vdpa: support doorbell mapping via mmap (Jason Wang) [Orabug: 32121107] \n- vdpa: introduce get_vq_notification method (Jason Wang) [Orabug: 32121107] \n- vdpasim: remove unused variable ret (YueHaibing) [Orabug: 32121107] \n- vdpa: fix comment of vdpa_register_device() (Jason Wang) [Orabug: 32121107] \n- vdpa: make vhost, virtio depend on menu (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: allow a 32 bit vq alignment (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpasim: Return status in vdpasim_get_status (YueHaibing) [Orabug: 32121107] \n- vhost: remove set but not used variable status (Jason Yan) [Orabug: 32121107] \n- vhost: vdpa: remove unnecessary null check (Gustavo A. R. Silva) [Orabug: 32121107] \n- vdpa-sim: depend on HAS_DMA (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: move to drivers/vdpa (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpasim: vDPA device simulator (Jason Wang) [Orabug: 32121107] \n- vhost: introduce vDPA-based backend (Tiwei Bie) [Orabug: 32121107] \n- virtio: introduce a vDPA based transport (Jason Wang) [Orabug: 32121107] \n- vDPA: introduce vDPA bus (Jason Wang) [Orabug: 32121107] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242278] \n- kabi: fix issues with slab memory allocator. (Libo Chen) [Orabug: 32119767] \n- mm: memcg/slab: uncharge during kmem_cache_free_bulk() (Bharata B Rao) [Orabug: 32119767] \n- mm: memcg/slab: fix racy access to page->mem_cgroup in mem_cgroup_from_obj() (Roman Gushchin) [Orabug: 32119767] \n- mm: slab: fix potential double free in ___cache_free (Shakeel Butt) [Orabug: 32119767] \n- mm: memcontrol: restore proper dirty throttling when memory.high changes (Johannes Weiner) [Orabug: 32119767] \n- mm: memcontrol: avoid workload stalls when lowering memory.high (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: switch to static_branch_likely() in memcg_kmem_enabled() (Roman Gushchin) [Orabug: 32119767] \n- mm: slab: rename (un)charge_slab_page() to (un)account_slab_page() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove unused argument by charge_slab_page() (Roman Gushchin) [Orabug: 32119767] \n- tools/cgroup: add memcg_slabinfo.py tool (Roman Gushchin) [Orabug: 32119767] \n- kselftests: cgroup: add kernel memory accounting tests (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use a single set of kmem_caches for all allocations (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove redundant check in memcg_accumulate_slabinfo() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: deprecate slab_root_caches (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove memcg_kmem_get_cache() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: simplify memcg cache creation (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use a single set of kmem_caches for all accounted allocations (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: move memcg_kmem_bypass() to memcontrol.h (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: deprecate memory.kmem.slabinfo (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: charge individual slab objects instead of pages (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: save obj_cgroup for non-root slab objects (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: allocate obj_cgroups for non-root slab pages (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: obj_cgroup API (Roman Gushchin) [Orabug: 32119767] \n- mm: slub: implement SLUB version of obj_to_index() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: convert vmstat slab counters to bytes (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: prepare for byte-sized vmstat items (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: factor out memcg- and lruvec-level changes out of __mod_lruvec_state() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: make memcg_kmem_enabled() irreversible (Roman Gushchin) [Orabug: 32119767] \n- mm, slab/slub: improve error reporting and overhead of cache_from_obj() (Vlastimil Babka) [Orabug: 32119767] \n- mm, slub: introduce kmem_cache_debug_flags() (Vlastimil Babka) [Orabug: 32119767] \n- mm, slab: fix sign conversion problem in memcg_uncharge_slab() (Waiman Long) [Orabug: 32119767] \n- memcg: fix memcg_kmem_bypass() for remote memcg charging (Zefan Li) [Orabug: 32119767] \n- slub: Remove userspace notifier for cache add/remove (Christoph Lameter) [Orabug: 32119767] \n- mm: kmem: rename (__)memcg_kmem_(un)charge_memcg() to __memcg_kmem_(un)charge() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: cache page number in memcg_(un)charge_slab() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: switch to nr_pages in (__)memcg_kmem_charge_memcg() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: rename memcg_kmem_(un)charge() into memcg_kmem_(un)charge_page() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: cleanup memcg_kmem_uncharge_memcg() arguments (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: cleanup (__)memcg_kmem_charge_memcg() arguments (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use mem_cgroup_from_obj() (Roman Gushchin) [Orabug: 32119767] \n- mm/slub.c: avoid slub allocation while holding list_lock (Yu Zhao) [Orabug: 32119767] \n- mm: clean up and clarify lruvec lookup procedure (Johannes Weiner) [Orabug: 32119767] \n- mm: memcontrol: try harder to set a new memory.high (Johannes Weiner) [Orabug: 32119767] \n- mm/slub.c: clean up validate_slab() (Yu Zhao) [Orabug: 32119767] \n- Linux 5.4.83 (Greg Kroah-Hartman) \n- Revert geneve: pull IP header before ECN decapsulation (Jakub Kicinski) \n- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (Masami Hiramatsu) \n- netfilter: nftables_offload: set address type in control dissector (Pablo Neira Ayuso) \n- netfilter: nf_tables: avoid false-postive lockdep splat (Florian Westphal) \n- Input: i8042 - fix error return code in i8042_setup_aux() (Luo Meng) \n- dm writecache: remove BUG() and fail gracefully instead (Mike Snitzer) \n- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (Zhihao Cheng) \n- rtw88: debug: Fix uninitialized memory in debugfs code (Dan Carpenter) \n- ASoC: wm_adsp: fix error return code in wm_adsp_load() (Luo Meng) \n- tipc: fix a deadlock when flushing scheduled work (Hoang Huu Le) \n- netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet) \n- gfs2: check for empty rgrp tree in gfs2_ri_update (Bob Peterson) \n- can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check (Oliver Hartkopp) \n- lib/syscall: fix syscall registers retrieval on 32-bit platforms (Willy Tarreau) {CVE-2020-28588}\n- tracing: Fix userstacktrace option for instances (Steven Rostedt (VMware)) \n- iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (Suravee Suthikulpanit) \n- spi: bcm2835: Release the DMA channel if probe fails after dma_init (Peter Ujfalusi) \n- i2c: imx: Check for I2SR_IAL after every byte (Christian Eggers) \n- i2c: imx: Fix reset of I2SR_IAL flag (Christian Eggers) \n- speakup: Reject setting the speakup line discipline outside of speakup (Samuel Thibault) \n- mm/swapfile: do not sleep with a spin lock held (Qian Cai) \n- mm: list_lru: set shrinker map bit when child nr_items is not zero (Yang Shi) \n- coredump: fix core_pattern parse error (Menglong Dong) \n- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (Masami Hiramatsu) \n- dm: remove invalid sparse __acquires and __releases annotations (Mike Snitzer) \n- dm: fix bug with RCU locking in dm_blk_report_zones (Sergei Shtepa) \n- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (Laurent Vivier) \n- genirq/irqdomain: Add an irq_create_mapping_affinity() function (Laurent Vivier) \n- powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (Nicholas Piggin) \n- dm writecache: fix the maximum number of arguments (Mikulas Patocka) \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) \n- drm/i915/gt: Program mocs:63 for cache eviction on gen9 (Chris Wilson) \n- thunderbolt: Fix use-after-free in remove_unplugged_switch() (Mika Westerberg) \n- i2c: imx: Dont generate STOP condition if arbitration has been lost (Christian Eggers) \n- cifs: fix potential use-after-free in cifs_echo_request() (Paulo Alcantara) \n- cifs: allow syscalls to be restarted in __smb_send_rqst() (Paulo Alcantara) \n- ftrace: Fix updating FTRACE_FL_TRAMP (Naveen N. Rao) \n- ALSA: hda/generic: Add option to enforce preferred_dacs pairs (Takashi Iwai) \n- ALSA: hda/realtek - Add new codec supported for ALC897 (Kailang Yang) \n- ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (Jian-Hong Pan) \n- ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (Takashi Iwai) \n- ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (Takashi Iwai) \n- tty: Fix ->session locking (Jann Horn) \n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) \n- USB: serial: option: fix Quectel BG96 matching (Bjorn Mork) \n- USB: serial: option: add support for Thales Cinterion EXS82 (Giacinto Cifelli) \n- USB: serial: option: add Fibocom NL668 variants (Vincent Palatin) \n- USB: serial: ch341: sort device-id entries (Johan Hovold) \n- USB: serial: ch341: add new Product ID for CH341A (Jan-Niklas Burfeind) \n- USB: serial: kl5kusb105: fix memleak on open (Johan Hovold) \n- usb: gadget: f_fs: Use local copy of descriptors for userspace copy (Vamsi Krishna Samavedam) \n- Partially revert bpf: Zero-fill re-used per-cpu map element (Sasha Levin) \n- pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) (Hans de Goede) \n- pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output (Hans de Goede) \n- Linux 5.4.82 (Greg Kroah-Hartman) \n- RDMA/i40iw: Address an mmap handler exploit in i40iw (Shiraz Saleem) \n- tracing: Remove WARN_ON in start_thread() (Vasily Averin) \n- Input: i8042 - add ByteSpeed touchpad to noloop table (Po-Hsu Lin) \n- Input: xpad - support Ardwiino Controllers (Sanjay Govind) \n- ALSA: usb-audio: US16x08: fix value count for level meters (Hector Martin) \n- net/mlx5: Fix wrong address reclaim when command interface is down (Eran Ben Elisha) \n- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (Yevgeny Kliteynik) \n- net/sched: act_mpls: ensure LSE is pullable before reading it (Davide Caratti) \n- net: openvswitch: ensure LSE is pullable before reading it (Davide Caratti) \n- net: skbuff: ensure LSE is pullable before decrementing the MPLS ttl (Davide Caratti) \n- net: mvpp2: Fix error return code in mvpp2_open() (Wang Hai) \n- chelsio/chtls: fix a double free in chtls_setkey() (Dan Carpenter) \n- vxlan: fix error return code in __vxlan_dev_create() (Zhang Changzhong) \n- net: pasemi: fix error return code in pasemi_mac_open() (Zhang Changzhong) \n- cxgb3: fix error return code in t3_sge_alloc_qset() (Zhang Changzhong) \n- net/x25: prevent a couple of overflows (Dan Carpenter) \n- net: ip6_gre: set dev->hard_header_len when using header_ops (Antoine Tenart) \n- geneve: pull IP header before ECN decapsulation (Eric Dumazet) \n- inet_ecn: Fix endianness of checksum update when setting ECT(1) (Toke Hoiland-Jorgensen) \n- ibmvnic: Fix TX completion error handling (Thomas Falcon) \n- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (Thomas Falcon) \n- chelsio/chtls: fix panic during unload reload chtls (Vinay Kumar Yadav) \n- dt-bindings: net: correct interrupt flags in examples (Krzysztof Kozlowski) \n- ipv4: Fix tos mask in inet_rtm_getroute() (Guillaume Nault) \n- netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal (Antoine Tenart) \n- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (Vincent Guittot) \n- ima: extend boot_aggregate with kernel measurements (Maurizio Drocco) \n- staging/octeon: fix up merge error (Randy Dunlap) \n- bonding: wait for sysfs kobject destruction before freeing struct slave (Jamie Iles) \n- usbnet: ipheth: fix connectivity with iOS 14 (Yves-Alexis Perez) \n- tun: honor IOCB_NOWAIT flag (Jens Axboe) \n- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (Alexander Duyck) \n- sock: set sk_err to ee_errno on dequeue from errq (Willem de Bruijn) \n- rose: Fix Null pointer dereference in rose_send_frame() (Anmol Karn) \n- net/tls: Protect from calling tls_dev_del for TLS RX twice (Maxim Mikityanskiy) \n- net/tls: missing received data after fast remote close (Vadim Fedorenko) \n- net/af_iucv: set correct sk_protocol for child sockets (Julian Wiedmann) \n- ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init (Wang Hai) \n- devlink: Hold rtnl lock while reading netdev attributes (Parav Pandit)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-03-31T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14381", "CVE-2020-25639", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-28374", "CVE-2020-28588", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3347", "CVE-2021-3348", "CVE-2021-3444"], "modified": "2021-03-31T00:00:00", "id": "ELSA-2021-9140", "href": "http://linux.oracle.com/errata/ELSA-2021-9140.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T18:27:51", "description": "[4.18.0-348.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n[4.18.0-348]\n- drm/nouveau/fifo/ga102: initialise chid on return from channel creation (Ben Skeggs) [1997878]\n- drm/nouveau/ga102-: support ttm buffer moves via copy engine (Ben Skeggs) [1997878]\n- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (Ben Skeggs) [1997878]\n- drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (Ben Skeggs) [1997878]\n- drm/nouveau/disp: power down unused DP links during init (Ben Skeggs) [1997878]\n- drm/nouveau: recognise GA107 (Ben Skeggs) [1997878]\n[4.18.0-347]\n- PCI: Mark TI C667X to avoid bus reset (Alex Williamson) [1975768]\n[4.18.0-346]\n- redhat: switch secureboot kernel image signing to release keys (Bruno Meneguele)\n- CI: handle RT branches in a single config (Veronika Kabatova)\n- CI: Fix RT check branch name (Veronika Kabatova)\n- CI: Drop private CI config (Veronika Kabatova)\n- CI: extend template use (Veronika Kabatova)\n- Revert 'Merge: mt7921e: enable new Mediatek wireless hardware' (Bruno Meneguele) [2009501]\n- megaraid_sas: fix concurrent access to ISR between IRQ polling and real interrupt (Tomas Henzl) [2009022]\n- scsi: megaraid_sas: mq_poll support (Tomas Henzl) [2009022]\n- [PATCH v2] scsi: qla2xxx: Suppress unnecessary log messages during login (Nilesh Javali) [1982186]\n- scsi: qla2xxx: Fix excessive messages during device logout (Nilesh Javali) [1982186]\n- PCI: pciehp: Ignore Link Down/Up caused by DPC (Myron Stowe) [1981741]\n- arm64: kpti: Fix 'kpti=off' when KASLR is enabled (Mark Salter) [1979731]\n- arm64: Fix CONFIG_ARCH_RANDOM=n build (Mark Salter) [1979731]\n- redhat/configs: aarch64: add CONFIG_ARCH_RANDOM (Mark Salter) [1979731]\n- arm64: Implement archrandom.h for ARMv8.5-RNG (Mark Salter) [1979731]\n- arm64: kconfig: Fix alignment of E0PD help text (Mark Salter) [1979731]\n- arm64: Use register field helper in kaslr_requires_kpti() (Mark Salter) [1979731]\n- arm64: Simplify early check for broken TX1 when KASLR is enabled (Mark Salter) [1979731]\n- arm64: Use a variable to store non-global mappings decision (Mark Salter) [1979731]\n- arm64: Dont use KPTI where we have E0PD (Mark Salter) [1979731]\n- arm64: Factor out checks for KASLR in KPTI code into separate function (Mark Salter) [1979731]\n- redhat/configs: Add CONFIG_ARM64_E0PD (Mark Salter) [1979731]\n- arm64: Add initial support for E0PD (Mark Salter) [1979731]\n- arm64: cpufeature: Export matrix and other features to userspace (Mark Salter) [1980098]\n- arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 (Mark Salter) [1980098]\n- docs/arm64: cpu-feature-registers: Rewrite bitfields that dont follow [e, s] (Mark Salter) [1980098]\n- docs/arm64: cpu-feature-registers: Documents missing visible fields (Mark Salter) [1980098]\n- arm64: Introduce system_capabilities_finalized() marker (Mark Salter) [1980098]\n- arm64: entry.S: Do not preempt from IRQ before all cpufeatures are enabled (Mark Salter) [1980098]\n- docs/arm64: elf_hwcaps: Document HWCAP_SB (Mark Salter) [1980098]\n- docs/arm64: elf_hwcaps: sort the HWCAP{, 2} documentation by ascending value (Mark Salter) [1980098]\n- arm64: cpufeature: Treat ID_AA64ZFR0_EL1 as RAZ when SVE is not enabled (Mark Salter) [1980098]\n- arm64: cpufeature: Effectively expose FRINT capability to userspace (Mark Salter) [1980098]\n- arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (Mark Salter) [1980098]\n- arm64: Expose FRINT capabilities to userspace (Mark Salter) [1980098]\n- arm64: Expose ARMv8.5 CondM capability to userspace (Mark Salter) [1980098]\n- docs: arm64: convert perf.txt to ReST format (Mark Salter) [1980098]\n- docs: arm64: convert docs to ReST and rename to .rst (Mark Salter) [1980098]\n- Documentation/arm64: HugeTLB page implementation (Mark Salter) [1980098]\n- Documentation/arm64/sve: Couple of improvements and typos (Mark Salter) [1980098]\n- arm64: cpufeature: Fix missing ZFR0 in __read_sysreg_by_encoding() (Mark Salter) [1980098]\n- arm64: Expose SVE2 features for userspace (Mark Salter) [1980098]\n- arm64: Advertise ARM64_HAS_DCPODP cpu feature (Mark Salter) [1980098]\n- arm64: add CVADP support to the cache maintenance helper (Mark Salter) [1980098]\n- arm64: Fix minor issues with the dcache_by_line_op macro (Mark Salter) [1980098]\n- arm64: Expose DC CVADP to userspace (Mark Salter) [1980098]\n- arm64: Handle trapped DC CVADP (Mark Salter) [1980098]\n- arm64: HWCAP: encapsulate elf_hwcap (Mark Salter) [1980098]\n- arm64: HWCAP: add support for AT_HWCAP2 (Mark Salter) [1980098]\n- x86/MCE/AMD, EDAC/mce_amd: Add new SMCA bank types (Aristeu Rozanski) [1965331]\n- x86/MCE/AMD, EDAC/mce_amd: Remove struct smca_hwid.xec_bitmap (Aristeu Rozanski) [1965331]\n- EDAC, mce_amd: Print ExtErrorCode and description on a single line (Aristeu Rozanski) [1965331]\n[4.18.0-345]\n- e1000e: Do not take care about recovery NVM checksum (Ken Cox) [1984558]\n- qrtr: disable CONFIG_QRTR for non x86_64 archs (inigo Huguet) [1999642]\n- ceph: fix possible null-pointer dereference in ceph_mdsmap_decode() (Jeff Layton) [1989999]\n- ceph: fix dereference of null pointer cf (Jeff Layton) [1989999]\n- ceph: correctly handle releasing an embedded cap flush (Jeff Layton) [1989999]\n- ceph: take snap_empty_lock atomically with snaprealm refcount change (Jeff Layton) [1989999]\n- ceph: dont WARN if were still opening a session to an MDS (Jeff Layton) [1989999]\n- rbd: dont hold lock_rwsem while running_list is being drained (Jeff Layton) [1989999]\n- rbd: always kick acquire on 'acquired' and 'released' notifications (Jeff Layton) [1989999]\n- ceph: take reference to req->r_parent at point of assignment (Jeff Layton) [1989999]\n- ceph: eliminate ceph_async_iput() (Jeff Layton) [1989999]\n- ceph: dont take s_mutex in ceph_flush_snaps (Jeff Layton) [1989999]\n- ceph: dont take s_mutex in try_flush_caps (Jeff Layton) [1989999]\n- ceph: dont take s_mutex or snap_rwsem in ceph_check_caps (Jeff Layton) [1989999]\n- ceph: eliminate session->s_gen_ttl_lock (Jeff Layton) [1989999]\n- ceph: allow ceph_put_mds_session to take NULL or ERR_PTR (Jeff Layton) [1989999]\n- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (Jeff Layton) [1989999]\n- ceph: add some lockdep assertions around snaprealm handling (Jeff Layton) [1989999]\n- ceph: decoding error in ceph_update_snap_realm should return -EIO (Jeff Layton) [1989999]\n- ceph: add IO size metrics support (Jeff Layton) [1989999]\n- ceph: update and rename __update_latency helper to __update_stdev (Jeff Layton) [1989999]\n- ceph: simplify the metrics struct (Jeff Layton) [1989999]\n- libceph: fix doc warnings in cls_lock_client.c (Jeff Layton) [1989999]\n- libceph: remove unnecessary ret variable in ceph_auth_init() (Jeff Layton) [1989999]\n- libceph: kill ceph_none_authorizer::reply_buf (Jeff Layton) [1989999]\n- ceph: make ceph_queue_cap_snap static (Jeff Layton) [1989999]\n- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (Jeff Layton) [1989999]\n- libceph: set global_id as soon as we get an auth ticket (Jeff Layton) [1989999]\n- libceph: dont pass result into ac->ops->handle_reply() (Jeff Layton) [1989999]\n- ceph: fix error handling in ceph_atomic_open and ceph_lookup (Jeff Layton) [1989999]\n- ceph: must hold snap_rwsem when filling inode for async create (Jeff Layton) [1989999]\n- libceph: Fix spelling mistakes (Jeff Layton) [1989999]\n- libceph: dont set global_id until we get an auth ticket (Jeff Layton) [1989999]\n- libceph: bump CephXAuthenticate encoding version (Jeff Layton) [1989999]\n- ceph: dont allow access to MDS-private inodes (Jeff Layton) [1989999]\n- ceph: fix up some bare fetches of i_size (Jeff Layton) [1989999]\n- ceph: support getting ceph.dir.rsnaps vxattr (Jeff Layton) [1989999]\n- ceph: drop pinned_page parameter from ceph_get_caps (Jeff Layton) [1989999]\n- ceph: fix inode leak on getattr error in __fh_to_dentry (Jeff Layton) [1989999]\n- ceph: only check pool permissions for regular files (Jeff Layton) [1989999]\n- ceph: send opened files/pinned caps/opened inodes metrics to MDS daemon (Jeff Layton) [1989999]\n- ceph: avoid counting the same request twice or more (Jeff Layton) [1989999]\n- ceph: rename the metric helpers (Jeff Layton) [1989999]\n- ceph: fix kerneldoc copypasta over ceph_start_io_direct (Jeff Layton) [1989999]\n- ceph: dont use d_add in ceph_handle_snapdir (Jeff Layton) [1989999]\n- ceph: dont clobber i_snap_caps on non-I_NEW inode (Jeff Layton) [1989999]\n- ceph: fix fall-through warnings for Clang (Jeff Layton) [1989999]\n- net: ceph: Fix a typo in osdmap.c (Jeff Layton) [1989999]\n- ceph: dont allow type or device number to change on non-I_NEW inodes (Jeff Layton) [1989999]\n- ceph: defer flushing the capsnap if the Fb is used (Jeff Layton) [1989999]\n- ceph: allow queueing cap/snap handling after putting cap references (Jeff Layton) [1989999]\n- ceph: clean up inode work queueing (Jeff Layton) [1989999]\n- ceph: fix flush_snap logic after putting caps (Jeff Layton) [1989999]\n- libceph: fix 'Boolean result is used in bitwise operation' warning (Jeff Layton) [1989999]\n- new helper: inode_wrong_type() (Jeff Layton) [1989999]\n- kabi: Adding symbol single_release (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol single_open (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_read (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_printf (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol seq_lseek (fs/seq_file.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol unregister_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_init (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_del (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_alloc (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol cdev_add (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol alloc_chrdev_region (fs/char_dev.c) (cestmir Kalina) [1945486]\n- kabi: Adding symbol pcie_capability_read_word (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pcie_capability_read_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pcie_capability_clear_and_set_word (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_write_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_write_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_set_power_state (drivers/pci/pci.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_read_config_dword (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_read_config_byte (drivers/pci/access.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_irq_vector (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_get_device (drivers/pci/search.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_free_irq_vectors (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol pci_alloc_irq_vectors_affinity (drivers/pci/msi.c) (cestmir Kalina) [1945485]\n- kabi: Adding symbol kexec_crash_loaded (kernel/kexec_core.c) (cestmir Kalina) [1945491]\n[4.18.0-344]\n- perf/x86/intel: Fix PEBS-via-PT reload base value for Extended PEBS (Michael Petlan) [1998051]\n- perf/x86/intel/uncore: Fix Add BW copypasta (Michael Petlan) [1998051]\n- perf/x86/intel/uncore: Add BW counters for GT, IA and IO breakdown (Michael Petlan) [1998051]\n- Revert 'ice: Add initial support framework for LAG' (Michal Schmidt) [1999016]\n- net: re-initialize slow_gro flag at gro_list_prepare time (Paolo Abeni) [2002367]\n- cxgb4: dont touch blocked freelist bitmap after free (Rahul Lakkireddy) [1998148]\n- cxgb4vf: configure ports accessible by the VF (Rahul Lakkireddy) [1961329]\n- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (Dick Kennedy) [1976332]\n- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (Dick Kennedy) [1976332]\n- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (Dick Kennedy) [1976332]\n[4.18.0-343]\n- rcu: Avoid unneeded function call in rcu_read_unlock() (Waiman Long) [1997500]\n- mt76: connac: do not schedule mac_work if the device is not running (Inigo Huguet) [1956419 1972045]\n- mt7921e: enable module in config (Inigo Huguet) [1956419 1972045]\n- Revert tools/power/cpupower: Read energy_perf_bias from sysfs (Steve Best) [1999926]\n- libnvdimm/namespace: Differentiate between probe mapping and runtime mapping (Jeff Moyer) [1795719]\n- libnvdimm/pfn_dev: Dont clear device memmap area during generic namespace probe (Jeff Moyer) [1795719]\n- perf/x86/intel/uncore: Clean up error handling path of iio mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Fix for iio mapping on Skylake Server (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the MMIO type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the PCI type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Rename uncore_notifier to uncore_pci_sub_notifier (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Generic support for the MSR type of uncore blocks (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Parse uncore discovery tables (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Expose an Uncore unit to IIO PMON mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Wrap the max dies calculation into an accessor (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Expose an Uncore unit to PMON mapping (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Validate MMIO address before accessing (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Record the size of mapped area (Michael Petlan) [1837330]\n- perf/x86/intel/uncore: Fix oops when counting IMC uncore events on some TGL (Michael Petlan) [1837330]\n- crypto: qat - remove unused macro in FW loader (Vladis Dronov) [1920086]\n- crypto: qat - check return code of qat_hal_rd_rel_reg() (Vladis Dronov) [1920086]\n- crypto: qat - report an error if MMP file size is too large (Vladis Dronov) [1920086]\n- crypto: qat - check MMP size before writing to the SRAM (Vladis Dronov) [1920086]\n- crypto: qat - return error when failing to map FW (Vladis Dronov) [1920086]\n- crypto: qat - enable detection of accelerators hang (Vladis Dronov) [1920086]\n- crypto: qat - Fix a double free in adf_create_ring (Vladis Dronov) [1920086]\n- crypto: qat - fix error path in adf_isr_resource_alloc() (Vladis Dronov) [1920086]\n- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (Vladis Dronov) [1920086]\n- crypto: qat - dont release uninitialized resources (Vladis Dronov) [1920086]\n- crypto: qat - fix use of 'dma_map_single' (Vladis Dronov) [1920086]\n- crypto: qat - fix unmap invalid dma address (Vladis Dronov) [1920086]\n- crypto: qat - fix spelling mistake: 'messge' -> 'message' (Vladis Dronov) [1920086]\n- crypto: qat - reduce size of mapped region (Vladis Dronov) [1920086]\n- crypto: qat - change format string and cast ring size (Vladis Dronov) [1920086]\n- crypto: qat - fix potential spectre issue (Vladis Dronov) [1920086]\n- crypto: qat - configure arbiter mapping based on engines enabled (Vladis Dronov) [1920086]\n[4.18.0-342]\n- selftest: netfilter: add test case for unreplied tcp connections (Florian Westphal) [1991523]\n- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (Florian Westphal) [1991523]\n- net/sched: store the last executed chain also for clsact egress (Davide Caratti) [1980537]\n- ice: fix Tx queue iteration for Tx timestamp enablement (Ken Cox) [1999743]\n- perf evsel: Add missing cloning of evsel->use_config_name (Michael Petlan) [1838635]\n- perf Documentation: Document intel-hybrid support (Michael Petlan) [1838635]\n- perf tests: Skip 'perf stat metrics (shadow stat) test' for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Convert perf time to TSC' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Session topology' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Parse and process metrics' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Support 'Track with sched_switch' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Skip 'Setup struct perf_event_attr' test for hybrid (Michael Petlan) [1838635]\n- perf tests: Add hybrid cases for 'Roundtrip evsel->name' test (Michael Petlan) [1838635]\n- perf tests: Add hybrid cases for 'Parse event definition strings' test (Michael Petlan) [1838635]\n- perf record: Uniquify hybrid event name (Michael Petlan) [1838635]\n- perf stat: Warn group events from different hybrid PMU (Michael Petlan) [1838635]\n- perf stat: Filter out unmatched aggregation for hybrid event (Michael Petlan) [1838635]\n- perf stat: Add default hybrid events (Michael Petlan) [1838635]\n- perf record: Create two hybrid 'cycles' events by default (Michael Petlan) [1838635]\n- perf parse-events: Support event inside hybrid pmu (Michael Petlan) [1838635]\n- perf parse-events: Compare with hybrid pmu name (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid raw events (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid cache events (Michael Petlan) [1838635]\n- perf parse-events: Create two hybrid hardware events (Michael Petlan) [1838635]\n- perf stat: Uniquify hybrid event name (Michael Petlan) [1838635]\n- perf pmu: Add hybrid helper functions (Michael Petlan) [1838635]\n- perf pmu: Save detected hybrid pmus to a global pmu list (Michael Petlan) [1838635]\n- perf pmu: Save pmu name (Michael Petlan) [1838635]\n- perf pmu: Simplify arguments of __perf_pmu__new_alias (Michael Petlan) [1838635]\n- perf jevents: Support unit value 'cpu_core' and 'cpu_atom' (Michael Petlan) [1838635]\n- tools headers uapi: Update toolss copy of linux/perf_event.h (Michael Petlan) [1838635]\n[4.18.0-341]\n- mptcp: Only send extra TCP acks in eligible socket states (Paolo Abeni) [1997178]\n- mptcp: fix possible divide by zero (Paolo Abeni) [1997178]\n- mptcp: drop tx skb cache (Paolo Abeni) [1997178]\n- mptcp: fix memory leak on address flush (Paolo Abeni) [1997178]\n- ice: Only lock to update netdev dev_addr (Michal Schmidt) [1995868]\n- ice: restart periodic outputs around time changes (Ken Cox) [1992750]\n- ice: Fix perout start time rounding (Ken Cox) [1992750]\n- net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (Davide Caratti) [1981184]\n- ovl: prevent private clone if bind mount is not allowed (Miklos Szeredi) [1993131] {CVE-2021-3732}\n- gfs2: Dont call dlm after protocol is unmounted (Bob Peterson) [1997193]\n- gfs2: dont stop reads while withdraw in progress (Bob Peterson) [1997193]\n- gfs2: Mark journal inodes as 'dont cache' (Bob Peterson) [1997193]\n- bpf: bpftool: Add -fno-asynchronous-unwind-tables to BPF Clang invocation (Yauheni Kaliuta) [1997124]\n- perf/x86/intel: Apply mid ACK for small core (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Zero the xstate buffer on allocation (Michael Petlan) [1838573]\n- perf: Fix task context PMU for Hetero (Michael Petlan) [1838573]\n- perf/x86/intel: Fix fixed counter check warning for some Alder Lake (Michael Petlan) [1838573]\n- perf/x86/lbr: Remove cpuc->lbr_xsave allocation from atomic context (Michael Petlan) [1838573]\n- x86/fpu/xstate: Fix an xstate size check warning with architectural LBRs (Michael Petlan) [1838573]\n- perf/x86/rapl: Add support for Intel Alder Lake (Michael Petlan) [1838573]\n- perf/x86/cstate: Add Alder Lake CPU support (Michael Petlan) [1838573]\n- perf/x86/msr: Add Alder Lake CPU support (Michael Petlan) [1838573]\n- perf/x86/intel/uncore: Add Alder Lake support (Michael Petlan) [1838573]\n- perf: Extend PERF_TYPE_HARDWARE and PERF_TYPE_HW_CACHE (Michael Petlan) [1838573]\n- perf/x86/intel: Add Alder Lake Hybrid support (Michael Petlan) [1838573]\n- perf/x86: Support filter_match callback (Michael Petlan) [1838573]\n- perf/x86/intel: Add attr_update for Hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Add structures for the attributes of Hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Register hybrid PMUs (Michael Petlan) [1838573]\n- perf/x86: Factor out x86_pmu_show_pmu_cap (Michael Petlan) [1838573]\n- perf/x86: Remove temporary pmu assignment in event_init (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_extra_regs (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_event_constraints (Michael Petlan) [1838573]\n- perf/x86/intel: Factor out intel_pmu_check_num_counters (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for extra_regs (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for event constraints (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for hardware cache event (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for unconstrained (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for counters (Michael Petlan) [1838573]\n- perf/x86: Hybrid PMU support for intel_ctrl (Michael Petlan) [1838573]\n- perf/x86/intel: Hybrid PMU support for perf capabilities (Michael Petlan) [1838573]\n- perf/x86: Track pmu in per-CPU cpu_hw_events (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Support XSAVES for arch LBR read (Michael Petlan) [1838573]\n- perf/x86/intel/lbr: Support XSAVES/XRSTORS for LBR context switch (Michael Petlan) [1838573]\n- x86/fpu/xstate: Add helpers for LBR dynamic supervisor feature (Michael Petlan) [1838573]\n- x86/fpu/xstate: Support dynamic supervisor feature for LBR (Michael Petlan) [1838573]\n- x86/fpu: Use proper mask to replace full instruction mask (Michael Petlan) [1838573]\n- x86/cpu: Add helper function to get the type of the current hybrid CPU (Michael Petlan) [1838573]\n- x86/cpufeatures: Enumerate Intel Hybrid Technology feature bit (Michael Petlan) [1838573]\n- HID: make arrays usage and value to be the same (Benjamin Tissoires) [1974942]\n- ACPI: PM: s2idle: Invert Microsoft UUID entry and exit (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix undefined reference to __udivdi3 (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix missing unlock on error in amd_pmc_send_cmd() (David Arcari) [1960440]\n- platform/x86: amd-pmc: Use return code on suspend (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add new acpi id for future PMC controllers (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for ACPI ID AMDI0006 (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for logging s0ix counters (David Arcari) [1960440]\n- platform/x86: amd-pmc: Add support for logging SMU metrics (David Arcari) [1960440]\n- platform/x86: amd-pmc: call dump registers only once (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix SMU firmware reporting mechanism (David Arcari) [1960440]\n- platform/x86: amd-pmc: Fix command completion code (David Arcari) [1960440]\n- usb: pci-quirks: disable D3cold on xhci suspend for s2idle on AMD Renoir (David Arcari) [1960440]\n- ACPI: PM: Only mark EC GPE for wakeup on Intel systems (David Arcari) [1960440]\n- ACPI: PM: Adjust behavior for field problems on AMD systems (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add support for new Microsoft UUID (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add support for multiple func mask (David Arcari) [1960440]\n- ACPI: PM: s2idle: Refactor common code (David Arcari) [1960440]\n- ACPI: PM: s2idle: Use correct revision id (David Arcari) [1960440]\n- ACPI: PM: s2idle: Add missing LPS0 functions for AMD (David Arcari) [1960440]\n- lockd: Fix invalid lockowner cast after vfs_test_lock (Benjamin Coddington) [1986138]\n[4.18.0-340]\n- blk-mq: fix is_flush_rq (Ming Lei) [1992700]\n- blk-mq: fix kernel panic during iterating over flush request (Ming Lei) [1992700]\n[4.18.0-339]\n- smb2: fix use-after-free in smb2_ioctl_query_info() (Ronnie Sahlberg) [1952781]\n- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (Mike Snitzer) [1996854]\n- md/raid10: Remove rcu_dereference when it doesnt need rcu lock to protect (Nigel Croxon) [1978115]\n- scsi: csiostor: Mark known unused variable as __always_unused (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (Raju Rangoju) [1961333]\n- scsi: csiostor: Remove set but not used variable 'rln' (Raju Rangoju) [1961333]\n- scsi: csiostor: Return value not required for csio_dfs_destroy (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix NULL check before debugfs_remove_recursive (Raju Rangoju) [1961333]\n- scsi: csiostor: Dont enable IRQs too early (Raju Rangoju) [1961333]\n- scsi: csiostor: Fix spelling typos (Raju Rangoju) [1961333]\n- scsi: csiostor: Prefer pcie_capability_read_word() (Raju Rangoju) [1961333]\n- scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd() (Raju Rangoju) [1961394]\n- net: Use skb_frag_off accessors (Raju Rangoju) [1961394]\n- net: Use skb accessors in network drivers (Raju Rangoju) [1961394]\n- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu() (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Use kvzalloc instead of opencoded kzalloc/vzalloc (Raju Rangoju) [1961394]\n- scsi: libcxgbi: Remove unnecessary NULL checks for 'tdata' pointer (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Remove an unnecessary NULL check for 'cconn' pointer (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Clean up a debug printk (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Fix dereference of pointer tdata before it is null checked (Raju Rangoju) [1961394]\n- scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (Raju Rangoju) [1961394]\n- scsi: libcxgbi: remove unused function to stop warning (Raju Rangoju) [1961394]\n- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (Raju Rangoju) [1961394]\n- net/chelsio: Delete drive and module versions (Raju Rangoju) [1961394]\n- chelsio: Replace zero-length array with flexible-array member (Raju Rangoju) [1961394]\n- [netdrv] treewide: prefix header search paths with / (Raju Rangoju) [1961394]\n- libcxgb: fix incorrect ppmax calculation (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Fix TLS dependency (Raju Rangoju) [1961394]\n- [target] treewide: Use fallthrough pseudo-keyword (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Add support for iSCSI segmentation offload (Raju Rangoju) [1961394]\n- [target] treewide: Use sizeof_field() macro (Raju Rangoju) [1961394]\n- [target] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961394]\n- scsi: cxgb4i: Remove superfluous null check (Raju Rangoju) [1961394]\n[4.18.0-338]\n- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985413] {CVE-2021-3653}\n- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985430] {CVE-2021-3656}\n- drm/i915/rkl: Remove require_force_probe protection (Lyude Paul) [1985159]\n- drm/i915/display: support ddr5 mem types (Lyude Paul) [1992233]\n- drm/i915/adl_s: Update ddi buf translation tables (Lyude Paul) [1992233]\n- drm/i915/adl_s: Wa_14011765242 is also needed on A1 display stepping (Lyude Paul) [1992233]\n- drm/i915/adl_s: Extend Wa_1406941453 (Lyude Paul) [1992233]\n- drm/i915: Implement Wa_1508744258 (Lyude Paul) [1992233]\n- drm/i915/adl_s: Fix dma_mask_size to 39 bit (Lyude Paul) [1992233]\n- drm/i915: Add the missing adls vswing tables (Lyude Paul) [1992233]\n- drm/i915: Add Wa_14011060649 (Lyude Paul) [1992233]\n- drm/i915/adl_s: Add Interrupt Support (Lyude Paul) [1992233]\n- drm/amdgpu: add another Renoir DID (Lyude Paul) [1980900]\n[4.18.0-337]\n- net/mlx5: Fix flow table chaining (Amir Tzin) [1987139]\n- openvswitch: fix sparse warning incorrect type (Mark Gray) [1992773]\n- openvswitch: fix alignment issues (Mark Gray) [1992773]\n- openvswitch: update kdoc OVS_DP_ATTR_PER_CPU_PIDS (Mark Gray) [1992773]\n- openvswitch: Introduce per-cpu upcall dispatch (Mark Gray) [1992773]\n- KVM: X86: Expose bus lock debug exception to guest (Paul Lai) [1842322]\n- KVM: X86: Add support for the emulation of DR6_BUS_LOCK bit (Paul Lai) [1842322]\n- scsi: libfc: Fix array index out of bound exception (Chris Leech) [1972643]\n- scsi: libfc: FDMI enhancements (Chris Leech) [1972643]\n- scsi: libfc: Add FDMI-2 attributes (Chris Leech) [1972643]\n- scsi: qedf: Add vendor identifier attribute (Chris Leech) [1972643]\n- scsi: libfc: Initialisation of RHBA and RPA attributes (Chris Leech) [1972643]\n- scsi: libfc: Correct the condition check and invalid argument passed (Chris Leech) [1972643]\n- scsi: libfc: Work around -Warray-bounds warning (Chris Leech) [1972643]\n- scsi: fc: FDMI enhancement (Chris Leech) [1972643]\n- scsi: libfc: Move scsi/fc_encode.h to libfc (Chris Leech) [1972643]\n- scsi: fc: Correct RHBA attributes length (Chris Leech) [1972643]\n- block: return ELEVATOR_DISCARD_MERGE if possible (Ming Lei) [1991976]\n- x86/fpu: Prevent state corruption in __fpu__restore_sig() (Terry Bowman) [1970086]\n- x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer (Terry Bowman) [1970086]\n- x86/pkru: Write hardware init value to PKRU when xstate is init (Terry Bowman) [1970086]\n- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (Terry Bowman) [1970086]\n- x86/fpu: Add address range checks to copy_user_to_xstate() (Terry Bowman) [1970086]\n- selftests/x86: Test signal frame XSTATE header corruption handling (Terry Bowman) [1970086]\n- Bump DRM backport version to 5.12.14 (Lyude Paul) [1944405]\n- drm/i915: Use the correct max source link rate for MST (Lyude Paul) [1944405 1966599]\n- drm/dp_mst: Use Extended Base Receiver Capability DPCD space (Lyude Paul) [1944405 1966599]\n- drm/i915/display: Defeature PSR2 for RKL and ADL-S (Lyude Paul) [1944405]\n- drm/i915/adl_s: ADL-S platform Update PCI ids for Mobile BGA (Lyude Paul) [1944405]\n- drm/amdgpu: wait for moving fence after pinning (Lyude Paul) [1944405]\n- drm/radeon: wait for moving fence after pinning (Lyude Paul) [1944405]\n- drm/nouveau: wait for moving fence after pinning v2 (Lyude Paul) [1944405]\n- radeon: use memcpy_to/fromio for UVD fw upload (Lyude Paul) [1944405]\n- drm/amd/amdgpu:save psp ring wptr to avoid attack (Lyude Paul) [1944405]\n- drm/amd/display: Fix potential memory leak in DMUB hw_init (Lyude Paul) [1944405]\n- drm/amdgpu: refine amdgpu_fru_get_product_info (Lyude Paul) [1944405]\n- drm/amd/display: Allow bandwidth validation for 0 streams. (Lyude Paul) [1944405]\n- drm: Lock pointer access in drm_master_release() (Lyude Paul) [1944405]\n- drm: Fix use-after-free read in drm_getunique() (Lyude Paul) [1944405]\n- drm/amdgpu: make sure we unpin the UVD BO (Lyude Paul) [1944405]\n- drm/amdgpu: Dont query CE and UE errors (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (Lyude Paul) [1944405]\n- drm/i915/selftests: Fix return value check in live_breadcrumbs_smoketest() (Lyude Paul) [1944405]\n- drm/amdgpu: stop touching sched.ready in the backend (Lyude Paul) [1944405]\n- drm/amd/amdgpu: fix a potential deadlock in gpu reset (Lyude Paul) [1944405]\n- drm/amdgpu: Fix a use-after-free (Lyude Paul) [1944405]\n- drm/amd/amdgpu: fix refcount leak (Lyude Paul) [1944405]\n- drm/amd/display: Disconnect non-DP with no EDID (Lyude Paul) [1944405]\n- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (Lyude Paul) [1944405]\n- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (Lyude Paul) [1944405]\n- drm/amd/pm: correct MGpuFanBoost setting (Lyude Paul) [1944405]\n- drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (Lyude Paul) [1944405]\n- drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (Lyude Paul) [1944405]\n- dma-buf: fix unintended pin/unpin warnings (Lyude Paul) [1944405]\n- drm/amdgpu: update sdma golden setting for Navi12 (Lyude Paul) [1944405]\n- drm/amdgpu: update gc golden setting for Navi12 (Lyude Paul) [1944405]\n- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (Lyude Paul) [1944405]\n- drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (Lyude Paul) [1944405]\n- drm/radeon: use the dummy page for GART if needed (Lyude Paul) [1944405]\n- drm/amd/display: Use the correct max downscaling value for DCN3.x family (Lyude Paul) [1944405]\n- drm/i915/gem: Pin the L-shape quirked object as unshrinkable (Lyude Paul) [1944405]\n- drm/ttm: Do not add non-system domain BO into swap list (Lyude Paul) [1944405]\n- drm/amd/display: Fix two cursor duplication when using overlay (Lyude Paul) [1944405]\n- amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (Lyude Paul) [1944405]\n- drm/i915/display: fix compiler warning about array overrun (Lyude Paul) [1944405]\n- drm/i915: Fix crash in auto_retire (Lyude Paul) [1944405]\n- drm/i915/overlay: Fix active retire callback alignment (Lyude Paul) [1944405]\n- drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (Lyude Paul) [1944405]\n- drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (Lyude Paul) [1944405]\n- drm/i915/dp: Use slow and wide link training for everything (Lyude Paul) [1944405]\n- drm/i915: Avoid div-by-zero on gen2 (Lyude Paul) [1944405]\n- drm/amd/display: Initialize attribute for hdcp_srm sysfs file (Lyude Paul) [1944405]\n- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (Lyude Paul) [1944405]\n- drm/radeon: Avoid power table parsing memory leaks (Lyude Paul) [1944405]\n- drm/radeon: Fix off-by-one power_state index heap overwrite (Lyude Paul) [1944405]\n- drm/amdgpu: Add mem sync flag for IB allocated by SA (Lyude Paul) [1944405]\n- drm/amd/display: add handling for hdcp2 rx id list validation (Lyude Paul) [1944405]\n- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (Lyude Paul) [1944405]\n- drm/amd/display: Force vsync flip when reconfiguring MPCC (Lyude Paul) [1944405]\n- arm64: enable tlbi range instructions (Jeremy Linton) [1861872]\n- arm64: tlb: Use the TLBI RANGE feature in arm64 (Jeremy Linton) [1861872]\n- arm64: tlb: Detect the ARMv8.4 TLBI RANGE feature (Jeremy Linton) [1861872]\n- arm64/cpufeature: Add remaining feature bits in ID_AA64ISAR0 register (Jeremy Linton) [1861872]\n- arm64: tlbflush: Ensure start/end of address range are aligned to stride (Jeremy Linton) [1861872]\n- arm64: Detect the ARMv8.4 TTL feature (Jeremy Linton) [1861872]\n- arm64: tlbi: Set MAX_TLBI_OPS to PTRS_PER_PTE (Jeremy Linton) [1861872]\n[4.18.0-336]\n- bpf: Fix integer overflow involving bucket_size (Jiri Olsa) [1992588]\n- bpf: Fix leakage due to insufficient speculative store bypass mitigation (Jiri Olsa) [1992588]\n- bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (Jiri Olsa) [1992588]\n- bpf: Fix OOB read when printing XDP link fdinfo (Jiri Olsa) [1992588]\n- bpf, test: fix NULL pointer dereference on invalid expected_attach_type (Jiri Olsa) [1992588]\n- bpf: Fix tail_call_reachable rejection for interpreter when jit failed (Jiri Olsa) [1992588]\n- bpf: Track subprog poke descriptors correctly and fix use-after-free (Jiri Olsa) [1992588]\n- bpf: Fix null ptr deref with mixed tail calls and subprogs (Jiri Olsa) [1992588]\n- bpf: Fix leakage under speculation on mispredicted branches (Jiri Olsa) [1992588]\n- bpf: Set mac_len in bpf_skb_change_head (Jiri Olsa) [1992588]\n- bpf: Prevent writable memory-mapping of read-only ringbuf pages (Jiri Olsa) [1992588]\n- bpf: Fix alu32 const subreg bound tracking on bitwise operations (Jiri Olsa) [1992588]\n- xsk: Fix broken Tx ring validation (Jiri Olsa) [1992588]\n- xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (Jiri Olsa) [1992588]\n- bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (Jiri Olsa) [1992588]\n- bpf: Refcount task stack in bpf_get_task_stack (Jiri Olsa) [1992588]\n- bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG (Jiri Olsa) [1992588]\n- selftest/bpf: Add a test to check trampoline freeing logic. (Jiri Olsa) [1992588]\n- bpf: Fix fexit trampoline. (Jiri Olsa) [1992588]\n- ftrace: Fix modify_ftrace_direct. (Jiri Olsa) [1992588]\n- ftrace: Add a helper function to modify_ftrace_direct() to allow arch optimization (Jiri Olsa) [1992588]\n- ftrace: Add helper find_direct_entry() to consolidate code (Jiri Olsa) [1992588]\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Jiri Olsa) [1992588]\n- bpf: Fix an unitialized value in bpf_iter (Jiri Olsa) [1992588]\n- bpf_lru_list: Read double-checked variable once without lock (Jiri Olsa) [1992588]\n- mt76: validate rx A-MSDU subframes (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- ath11k: Drop multicast fragments (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath11k: Clear the fragment cache during key install (Inigo Huguet) [1991459] {CVE-2020-24587}\n- ath10k: Validate first subframe of A-MSDU before processing the list (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- ath10k: Fix TKIP Michael MIC verification for PCIe (Inigo Huguet) [1991459] {CVE-2020-26141}\n- ath10k: drop MPDU which has discard flag set by firmware for SDIO (Inigo Huguet) [1991459] {CVE-2020-24588}\n- ath10k: drop fragments with multicast DA for SDIO (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath10k: drop fragments with multicast DA for PCIe (Inigo Huguet) [1991459] {CVE-2020-26145}\n- ath10k: add CCMP PN replay protection for fragmented frames for PCIe (Inigo Huguet) [1991459]\n- mac80211: extend protection against mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: do not accept/forward invalid EAPOL frames (Inigo Huguet) [1991459] {CVE-2020-26139}\n- mac80211: prevent attacks on TKIP/WEP as well (Inigo Huguet) [1991459] {CVE-2020-26141}\n- mac80211: check defrag PN against current frame (Inigo Huguet) [1991459]\n- mac80211: add fragment cache to sta_info (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: drop A-MSDUs on old ciphers (Inigo Huguet) [1991459] {CVE-2020-24588}\n- cfg80211: mitigate A-MSDU aggregation attacks (Inigo Huguet) [1991459] {CVE-2020-24588 CVE-2020-26144}\n- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Inigo Huguet) [1991459]\n- mac80211: prevent mixed key and fragment cache attacks (Inigo Huguet) [1991459] {CVE-2020-24586 CVE-2020-24587}\n- mac80211: assure all fragments are encrypted (Inigo Huguet) [1991459] {CVE-2020-26147}\n- tipc: call tipc_wait_for_connect only when dlen is not 0 (Xin Long) [1989361]\n- mptcp: remove tech preview warning (Florian Westphal) [1985120]\n- tcp: consistently disable header prediction for mptcp (Florian Westphal) [1985120]\n- selftests: mptcp: fix case multiple subflows limited by server (Florian Westphal) [1985120]\n- selftests: mptcp: turn rp_filter off on each NIC (Florian Westphal) [1985120]\n- selftests: mptcp: display proper reason to abort tests (Florian Westphal) [1985120]\n- mptcp: properly account bulk freed memory (Florian Westphal) [1985120]\n- mptcp: fix 'masking a bool' warning (Florian Westphal) [1985120]\n- mptcp: refine mptcp_cleanup_rbuf (Florian Westphal) [1985120]\n- mptcp: use fast lock for subflows when possible (Florian Westphal) [1985120]\n- mptcp: avoid processing packet if a subflow reset (Florian Westphal) [1985120]\n- mptcp: add sk parameter for mptcp_get_options (Florian Westphal) [1985120]\n- mptcp: fix syncookie process if mptcp can not_accept new subflow (Florian Westphal) [1985120]\n- mptcp: fix warning in __skb_flow_dissect() when do syn cookie for subflow join (Florian Westphal) [1985120]\n- mptcp: avoid race on msk state changes (Florian Westphal) [1985120]\n- mptcp: fix 32 bit DSN expansion (Florian Westphal) [1985120]\n- mptcp: fix bad handling of 32 bit ack wrap-around (Florian Westphal) [1985120]\n- tcp: parse mptcp options contained in reset packets (Florian Westphal) [1985120]\n- ionic: count csum_none when offload enabled (Jonathan Toppins) [1991646]\n- ionic: fix up dim accounting for tx and rx (Jonathan Toppins) [1991646]\n- ionic: remove intr coalesce update from napi (Jonathan Toppins) [1991646]\n- ionic: catch no ptp support earlier (Jonathan Toppins) [1991646]\n- ionic: make all rx_mode work threadsafe (Jonathan Toppins) [1991646]\n- dmaengine: idxd: Fix missing error code in idxd_cdev_open() (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: add missing dsa driver unregister (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: add engine 'struct device' missing bus type assignment (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: remove MSIX masking for interrupt handlers (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: Use cpu_feature_enabled() (Jerry Snitselaar) [1990637]\n- dmaengine: idxd: enable SVA feature for IOMMU (Jerry Snitselaar) [1990637]\n- dmagenine: idxd: Dont add portal offset in idxd_submit_desc (Jerry Snitselaar) [1990637]\n- ethtool: strset: fix message length calculation (Balazs Nemeth) [1989003]\n- net: add strict checks in netdev_name_node_alt_destroy() (Andrea Claudi) [1859038]\n- net: rtnetlink: fix bugs in rtnl_alt_ifname() (Andrea Claudi) [1859038]\n- net: rtnetlink: add linkprop commands to add and delete alternative ifnames (Andrea Claudi) [1859038]\n- net: check all name nodes in __dev_alloc_name (Andrea Claudi) [1859038]\n- net: fix a leak in register_netdevice() (Andrea Claudi) [1859038]\n- tun: fix memory leak in error path (Andrea Claudi) [1859038]\n- net: propagate errors correctly in register_netdevice() (Andrea Claudi) [1859038]\n- net: introduce name_node struct to be used in hashlist (Andrea Claudi) [1859038]\n- net: procfs: use index hashlist instead of name hashlist (Andrea Claudi) [1859038]\n- configs: Enable CONFIG_CHELSIO_INLINE_CRYPTO (Raju Rangoju) [1961368]\n- cxgb4/ch_ktls: Clear resources when pf4 device is removed (Raju Rangoju) [1961374]\n- ch_ktls: Remove redundant variable result (Raju Rangoju) [1961374]\n- ch_ktls: do not send snd_una update to TCB in middle (Raju Rangoju) [1961374]\n- ch_ktls: tcb close causes tls connection failure (Raju Rangoju) [1961374]\n- ch_ktls: fix device connection close (Raju Rangoju) [1961374]\n- ch_ktls: Fix kernel panic (Raju Rangoju) [1961374]\n- ch_ktls: fix enum-conversion warning (Raju Rangoju) [1961374]\n- net: ethernet: chelsio: inline_crypto: Mundane typos fixed throughout the file chcr_ktls.c (Raju Rangoju) [1961374]\n- ch_ipsec: Remove initialization of rxq related data (Raju Rangoju) [1961388]\n- ch_ktls: fix build warning for ipv4-only config (Raju Rangoju) [1961374]\n- ch_ktls: lock is not freed (Raju Rangoju) [1961374]\n- ch_ktls: stop the txq if reaches threshold (Raju Rangoju) [1961374]\n- ch_ktls: tcb update fails sometimes (Raju Rangoju) [1961374]\n- ch_ktls/cxgb4: handle partial tag alone SKBs (Raju Rangoju) [1961374]\n- ch_ktls: dont free skb before sending FIN (Raju Rangoju) [1961374]\n- ch_ktls: packet handling prior to start marker (Raju Rangoju) [1961374]\n- ch_ktls: Correction in middle record handling (Raju Rangoju) [1961374]\n- ch_ktls: missing handling of header alone (Raju Rangoju) [1961374]\n- ch_ktls: Correction in trimmed_len calculation (Raju Rangoju) [1961374]\n- cxgb4/ch_ktls: creating skbs causes panic (Raju Rangoju) [1961374]\n- ch_ktls: Update cheksum information (Raju Rangoju) [1961374]\n- ch_ktls: Correction in finding correct length (Raju Rangoju) [1961374]\n- cxgb4/ch_ktls: decrypted bit is not enough (Raju Rangoju) [1961374]\n- cxgb4/ch_ipsec: Replace the module name to ch_ipsec from chcr (Raju Rangoju) [1961388]\n- cxgb4/ch_ktls: ktls stats are added at port level (Raju Rangoju) [1961374]\n- ch_ktls: Issue if connection offload fails (Raju Rangoju) [1961374]\n- chelsio/chtls: Re-add dependencies on CHELSIO_T4 to fix modular CHELSIO_T4 (Raju Rangoju) [1961388]\n- chelsio/chtls: CHELSIO_INLINE_CRYPTO should depend on CHELSIO_T4 (Raju Rangoju) [1961388]\n- crypto: chelsio - fix minor indentation issue (Raju Rangoju) [1961368]\n- crypto/chcr: move nic TLS functionality to drivers/net (Raju Rangoju) [1961368]\n- cxgb4/ch_ipsec: Registering xfrmdev_ops with cxgb4 (Raju Rangoju) [1961388]\n- crypto/chcr: Moving chelsios inline ipsec functionality to /drivers/net (Raju Rangoju) [1961368]\n- chelsio/chtls: separate chelsio tls driver from crypto driver (Raju Rangoju) [1961368]\n- crypto: chelsio - Fix some pr_xxx messages (Raju Rangoju) [1961368]\n- crypto: chelsio - Avoid some code duplication (Raju Rangoju) [1961368]\n- crypto: drivers - set the flag CRYPTO_ALG_ALLOCATES_MEMORY (Raju Rangoju) [1961368]\n- crypto: aead - remove useless setting of type flags (Raju Rangoju) [1961368]\n- crypto: Replace zero-length array with flexible-array (Raju Rangoju) [1961368]\n- [Crypto] treewide: replace '---help---' in Kconfig files with 'help' (Raju Rangoju) [1961368]\n- Crypto/chcr: Checking cra_refcnt before unregistering the algorithms (Raju Rangoju) [1961368]\n- Crypto/chcr: Calculate src and dst sg lengths separately for dma map (Raju Rangoju) [1961368]\n- Crypto/chcr: Fixes a coccinile check error (Raju Rangoju) [1961368]\n- Crypto/chcr: Fixes compilations warnings (Raju Rangoju) [1961368]\n- crypto/chcr: IPV6 code needs to be in CONFIG_IPV6 (Raju Rangoju) [1961368]\n- crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h (Raju Rangoju) [1961368]\n- Crypto/chcr: fix for hmac(sha) test fails (Raju Rangoju) [1961368]\n- Crypto/chcr: fix for ccm(aes) failed test (Raju Rangoju) [1961368]\n- Crypto/chcr: fix ctr, cbc, xts and rfc3686-ctr failed tests (Raju Rangoju) [1961368]\n- crypto: chelsio - remove redundant assignment to variable error (Raju Rangoju) [1961368]\n- chcr: Fix CPU hard lockup (Raju Rangoju) [1961368]\n- crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN (Raju Rangoju) [1961368]\n- crypto: chelsio - switch to skcipher API (Raju Rangoju) [1961368]\n- crypto: chelsio - Remove VLA usage of skcipher (Raju Rangoju) [1961368]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-11-16T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2021-11-16T00:00:00", "id": "ELSA-2021-4356", "href": "http://linux.oracle.com/errata/ELSA-2021-4356.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-06-16T14:54:07", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9040 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9040.NASL", "href": "https://www.tenable.com/plugins/nessus/146304", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9040.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146304);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9040)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-9040 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9040.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.54.1.el6uek', '3.8.13-118.54.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9040');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.54.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.54.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.54.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.54.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.54.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.54.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.54.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.54.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.54.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.54.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.54.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.54.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.54.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.54.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.54.1.el6uek / dtrace-modules-3.8.13-118.54.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:54:09", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9041 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\n\nThis advisory was deprecated by OracleLinux. See related links.", "cvss3": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9041) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158"], "modified": "2021-02-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9041.NASL", "href": "https://www.tenable.com/plugins/nessus/146305", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2021/02/11. Retracted by vendor. \n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146305);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/11\");\n\n script_cve_id(\"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9041) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-9041 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\n\nThis advisory was deprecated by OracleLinux. See related links.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9041.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2021-February/010841.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.54.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. The advisory was retracted by the vendor.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:52:41", "description": "The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-3465ada1ca advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "Fedora 33 : kernel / kernel-headers (2021-3465ada1ca)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers"], "id": "FEDORA_2021-3465ADA1CA.NASL", "href": "https://www.tenable.com/plugins/nessus/144966", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-3465ada1ca\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144966);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-36158\");\n script_xref(name:\"FEDORA\", value:\"2021-3465ada1ca\");\n\n script_name(english:\"Fedora 33 : kernel / kernel-headers (2021-3465ada1ca)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-3465ada1ca advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-3465ada1ca\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel and / or kernel-headers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-36158');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-3465ada1ca');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.10.6-200.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.10.6-200.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-headers');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:51:06", "description": "An update of the linux package has been released.", "cvss3": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2021-1.0-0354", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0354_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/145231", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0354. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145231);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\"CVE-2020-36158\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2021-1.0-0354\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-354.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'linux-api-headers-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-dev-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-docs-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-devel-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-docs-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-oprofile-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-sound-4.4.250-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-tools-4.4.250-1.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:55:46", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4877-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4877-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158", "CVE-2021-3178"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1013-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1066-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1080-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1086-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1095-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1109-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge"], "id": "UBUNTU_USN-4877-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147992", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4877-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147992);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-36158\", \"CVE-2021-3178\");\n script_xref(name:\"USN\", value:\"4877-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4877-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4877-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4877-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1013-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1066-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1080-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1086-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1095-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1109-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-137-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-36158', 'CVE-2021-3178');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4877-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1066-oracle', 'pkgver': '4.15.0-1066.74~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1094-gcp', 'pkgver': '4.15.0-1094.107~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1095-aws', 'pkgver': '4.15.0-1095.102~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1109-azure', 'pkgver': '4.15.0-1109.121~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-137-generic', 'pkgver': '4.15.0-137.141~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-137-generic-lpae', 'pkgver': '4.15.0-137.141~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-137-lowlatency', 'pkgver': '4.15.0-137.141~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws-hwe', 'pkgver': '4.15.0.1095.88'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure', 'pkgver': '4.15.0.1109.100'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '4.15.0.1109.100'},\n {'osver': '16.04', 'pkgname': 'linux-image-gcp', 'pkgver': '4.15.0.1094.95'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.137.133'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.137.133'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.137.133'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.137.133'},\n {'osver': '16.04', 'pkgname': 'linux-image-gke', 'pkgver': '4.15.0.1094.95'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.137.133'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.137.133'},\n {'osver': '16.04', 'pkgname': 'linux-image-oem', 'pkgver': '4.15.0.137.133'},\n {'osver': '16.04', 'pkgname': 'linux-image-oracle', 'pkgver': '4.15.0.1066.54'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.137.133'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.137.133'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1013-dell300x', 'pkgver': '4.15.0-1013.17'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1066-oracle', 'pkgver': '4.15.0-1066.74'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1080-raspi2', 'pkgver': '4.15.0-1080.85'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1086-kvm', 'pkgver': '4.15.0-1086.88'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1094-gcp', 'pkgver': '4.15.0-1094.107'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1095-aws', 'pkgver': '4.15.0-1095.102'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1097-snapdragon', 'pkgver': '4.15.0-1097.106'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1109-azure', 'pkgver': '4.15.0-1109.121'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-137-generic', 'pkgver': '4.15.0-137.141'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-137-generic-lpae', 'pkgver': '4.15.0-137.141'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-137-lowlatency', 'pkgver': '4.15.0-137.141'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-lts-18.04', 'pkgver': '4.15.0.1095.98'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-lts-18.04', 'pkgver': '4.15.0.1109.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-dell300x', 'pkgver': '4.15.0.1013.15'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-lts-18.04', 'pkgver': '4.15.0.1094.112'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.15.0.1086.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-lts-18.04', 'pkgver': '4.15.0.1066.76'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '4.15.0.1080.77'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon', 'pkgver': '4.15.0.1097.100'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.137.124'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.137.124'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.15.0-1013-dell300x / linux-image-4.15.0-1066-oracle / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:51:09", "description": "An update of the linux package has been released.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-01-26T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2021-2.0-0314", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-36158"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0314_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/145459", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0314. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145459);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2020-36158\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2021-2.0-0314\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-314.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', reference:'linux-api-headers-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-devel-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-docs-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-aws-sound-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-devel-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-docs-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-devel-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-esx-docs-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-oprofile-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-devel-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-docs-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-sound-4.9.252-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'linux-tools-4.9.252-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:56:40", "description": "The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4879-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4879-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158", "CVE-2021-20194"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1017-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1017-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1020-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1022-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1024-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1025-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge"], "id": "UBUNTU_USN-4879-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147974", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4879-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147974);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-36158\", \"CVE-2021-20194\");\n script_xref(name:\"USN\", value:\"4879-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4879-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4879-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config\n params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,\n CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution,\n the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap\n overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly\n privileges escalation. (CVE-2021-20194)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4879-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20194\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1017-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1017-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1020-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1022-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1024-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1025-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-45-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-36158', 'CVE-2021-20194');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4879-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-45-generic', 'pkgver': '5.8.0-45.51~20.04.1+1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-45-generic-64k', 'pkgver': '5.8.0-45.51~20.04.1+1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-45-generic-lpae', 'pkgver': '5.8.0-45.51~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-45-lowlatency', 'pkgver': '5.8.0-45.51~20.04.1+1'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.8.0.45.51~20.04.31'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1017-raspi', 'pkgver': '5.8.0-1017.20'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1017-raspi-nolpae', 'pkgver': '5.8.0-1017.20'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1020-kvm', 'pkgver': '5.8.0-1020.22'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1022-oracle', 'pkgver': '5.8.0-1022.23'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1024-azure', 'pkgver': '5.8.0-1024.26'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1024-gcp', 'pkgver': '5.8.0-1024.25'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1025-aws', 'pkgver': '5.8.0-1025.27'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-45-generic', 'pkgver': '5.8.0-45.51'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-45-generic-64k', 'pkgver': '5.8.0-45.51'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-45-generic-lpae', 'pkgver': '5.8.0-45.51'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-45-lowlatency', 'pkgver': '5.8.0-45.51'},\n {'osver': '20.10', 'pkgname': 'linux-image-aws', 'pkgver': '5.8.0.1025.27'},\n {'osver': '20.10', 'pkgname': 'linux-image-azure', 'pkgver': '5.8.0.1024.24'},\n {'osver': '20.10', 'pkgname': 'linux-image-gcp', 'pkgver': '5.8.0.1024.24'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-gke', 'pkgver': '5.8.0.1024.24'},\n {'osver': '20.10', 'pkgname': 'linux-image-kvm', 'pkgver': '5.8.0.1020.22'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-oracle', 'pkgver': '5.8.0.1022.21'},\n {'osver': '20.10', 'pkgname': 'linux-image-raspi', 'pkgver': '5.8.0.1017.20'},\n {'osver': '20.10', 'pkgname': 'linux-image-raspi-nolpae', 'pkgver': '5.8.0.1017.20'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.45.50'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.8.0.45.50'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.8.0-1017-raspi / linux-image-5.8.0-1017-raspi-nolpae / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:02:23", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4876-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4876-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29569", "CVE-2020-36158", "CVE-2021-3178"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1087-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1089-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1123-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1151-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial"], "id": "UBUNTU_USN-4876-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148001", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4876-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148001);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-29569\", \"CVE-2020-36158\", \"CVE-2021-3178\");\n script_xref(name:\"USN\", value:\"4876-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4876-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4876-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4876-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1087-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1089-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1123-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1151-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-204-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-29569', 'CVE-2020-36158', 'CVE-2021-3178');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4876-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1089-kvm', 'pkgver': '4.4.0-1089.98'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1123-aws', 'pkgver': '4.4.0-1123.137'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1147-raspi2', 'pkgver': '4.4.0-1147.157'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1151-snapdragon', 'pkgver': '4.4.0-1151.161'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-204-generic', 'pkgver': '4.4.0-204.236'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-204-generic-lpae', 'pkgver': '4.4.0-204.236'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-204-lowlatency', 'pkgver': '4.4.0-204.236'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws', 'pkgver': '4.4.0.1123.128'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-utopic', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-vivid', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-wily', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-xenial', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-utopic', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-vivid', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-wily', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-xenial', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.4.0.1089.87'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-utopic', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-vivid', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-wily', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-xenial', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '4.4.0.1147.147'},\n {'osver': '16.04', 'pkgname': 'linux-image-snapdragon', 'pkgver': '4.4.0.1151.143'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-utopic', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-vivid', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-wily', 'pkgver': '4.4.0.204.210'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-xenial', 'pkgver': '4.4.0.204.210'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.4.0-1089-kvm / linux-image-4.4.0-1123-aws / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:53:50", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9039 advisory.\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-02-08T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2021-9039.NASL", "href": "https://www.tenable.com/plugins/nessus/146299", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9039.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146299);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2020-29660\", \"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9039)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9039 advisory.\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9039.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2025.405.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:53:28", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9035 advisory.\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-02-08T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9035.NASL", "href": "https://www.tenable.com/plugins/nessus/146300", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9035.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146300);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2020-29660\", \"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9035)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9035 advisory.\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9035.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2025.405.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9035');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2025.405.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2025.405.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2025.405.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:54:28", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9043 advisory.\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.7, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2021-9043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28915", "CVE-2020-28974", "CVE-2020-36158"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9043.NASL", "href": "https://www.tenable.com/plugins/nessus/146352", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9043.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146352);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2020-28915\", \"CVE-2020-28974\", \"CVE-2020-36158\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2021-9043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9043 advisory.\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9043.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.330.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9043');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.330.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.330.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.330.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.330.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.330.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.330.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.330.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.330.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.330.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.330.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:55:41", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4878-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4878-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-36158", "CVE-2021-20239", "CVE-2021-3178", "CVE-2021-3347"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1011-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1037-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1038-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1041-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge"], "id": "UBUNTU_USN-4878-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148003", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4878-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148003);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2020-36158\",\n \"CVE-2021-3178\",\n \"CVE-2021-3347\",\n \"CVE-2021-20239\"\n );\n script_xref(name:\"USN\", value:\"4878-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4878-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4878-1 advisory.\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4878-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1011-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1037-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1038-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1041-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-67-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-36158', 'CVE-2021-3178', 'CVE-2021-3347', 'CVE-2021-20239');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4878-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1011-gkeop', 'pkgver': '5.4.0-1011.12~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1030-raspi', 'pkgver': '5.4.0-1030.33~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1037-gke', 'pkgver': '5.4.0-1037.39~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1038-gcp', 'pkgver': '5.4.0-1038.41~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1039-aws', 'pkgver': '5.4.0-1039.41~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1039-oracle', 'pkgver': '5.4.0-1039.42~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1041-azure', 'pkgver': '5.4.0-1041.43~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-67-generic', 'pkgver': '5.4.0-67.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-67-generic-lpae', 'pkgver': '5.4.0-67.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-67-lowlatency', 'pkgver': '5.4.0-67.75~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1039.23'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.4.0.1039.23'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1041.21'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1041.21'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1038.25'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1038.25'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1037.39~18.04.5'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1011.12~18.04.12'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1039.42~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1039.42~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1030.33'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1030.33'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.67.75~18.04.62'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1011-gkeop', 'pkgver': '5.4.0-1011.12'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1030-raspi', 'pkgver': '5.4.0-1030.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1034-kvm', 'pkgver': '5.4.0-1034.35'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1038-gcp', 'pkgver': '5.4.0-1038.41'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1039-aws', 'pkgver': '5.4.0-1039.41'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1039-oracle', 'pkgver': '5.4.0-1039.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1041-azure', 'pkgver': '5.4.0-1041.43'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-67-generic', 'pkgver': '5.4.0-67.75'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-67-generic-lpae', 'pkgver': '5.4.0-67.75'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-67-lowlatency', 'pkgver': '5.4.0-67.75'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1039.40'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1041.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1038.47'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop', 'pkgver': '5.4.0.1011.14'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1011.14'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1034.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1039.36'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.4.0.1030.65'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1030.65'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1030.65'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '5.4.0.1030.65'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04', 'pkgver': '5.4.0.1030.65'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1030.65'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.67.70'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.67.70'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.4.0-1011-gkeop / linux-image-5.4.0-1030-raspi / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:01:03", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.(CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out.\n This only affects systems with a Linux blkback.(CVE-2020-29569)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1246)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1246.NASL", "href": "https://www.tenable.com/plugins/nessus/146217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146217);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1246)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux\n kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory\n traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the\n attacker has access to one iSCSI LUN. The attacker\n gains control over file access because I/O operations\n are proxied via an attacker-selected\n backstore.(CVE-2020-28374)\n\n - An issue was discovered in Xen through 4.14.x. Some\n OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the\n events are received faster than the thread is able to\n handle, they will get queued. As the queue is\n unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD\n (any version) dom0 are vulnerable.(CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through\n 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread\n handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the\n frontend quickly toggles between the states connect and\n disconnect. As a consequence, the block backend may\n re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously\n connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out.\n This only affects systems with a Linux\n blkback.(CVE-2020-29569)\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1246\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7744bf0c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2011.1.0.h382.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2011.1.0.h382.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2011.1.0.h382.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2011.1.0.h382.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:01:22", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9030 advisory.\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12653", "CVE-2020-27786", "CVE-2020-29568", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9030.NASL", "href": "https://www.tenable.com/plugins/nessus/146096", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9030.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146096);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-12653\",\n \"CVE-2020-27786\",\n \"CVE-2020-29568\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0077-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9030)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9030 advisory.\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and\n the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to\n this specific memory while freed and before use causes the flow of execution to change and possibly allow\n for memory corruption or privilege escalation. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9030.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-27786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.47.3.el6uek', '4.1.12-124.47.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9030');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.47.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.47.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.47.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.47.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.47.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.47.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.47.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.47.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T14:59:40", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. (CVE-2021-0342)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is not intended to prevent this attack see also the exports(5) no_subtree_check default behavior.(CVE-2021-3178)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1265)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-28374", "CVE-2020-36158", "CVE-2021-0342", "CVE-2021-3178"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1265.NASL", "href": "https://www.tenable.com/plugins/nessus/146261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146261);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-28374\",\n \"CVE-2020-36158\",\n \"CVE-2021-0342\",\n \"CVE-2021-3178\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1265)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux\n kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory\n traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the\n attacker has access to one iSCSI LUN. The attacker\n gains control over file access because I/O operations\n are proxied via an attacker-selected\n backstore.(CVE-2020-28374)\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - In tun_get_user of tun.c, there is possible memory\n corruption due to a use after free. This could lead to\n local escalation of privilege with System execution\n privileges required. User interaction is not required\n for exploitation. (CVE-2021-0342)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability. (CVE-2020-14351)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8,\n when there is an NFS export of a subdirectory of a\n filesystem, allows remote attackers to traverse to\n other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is\n not intended to prevent this attack see also the\n exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1265\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?113ac543\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.2.h340.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:11:45", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9038 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. (CVE-2021-20177)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9038.NASL", "href": "https://www.tenable.com/plugins/nessus/148550", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9038.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148550);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2021-20177\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0077-S\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9038 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged\n user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the\n system. Kernel before kernel 5.5-rc1 is affected. (CVE-2021-20177)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9038.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2036.103.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.103.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2036.103.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.103.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T14:59:43", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2021-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12653", "CVE-2020-27786", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29660", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2021-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/146248", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2021-0005.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146248);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-12653\",\n \"CVE-2020-27786\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2021-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in\n drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of\n service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. (CVE-2020-12653)\n\n - A flaw was found in the Linux kernel's implementation of MIDI, where an attacker with a local account and\n the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to\n this specific memory while freed and before use causes the flow of execution to change and possibly allow\n for memory corruption or privilege escalation. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-27786)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-12653.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-27786.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-29568.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-29660.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-36158.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2021-0005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.47.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2021-0005');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.47.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:53:28", "description": "This update for the Linux Kernel 4.4.180-94_121 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032.\n\nCVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0408-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0465", "CVE-2020-0466", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_129-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_135-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_138-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_141-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_146-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_124-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_124-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_127-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_127-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_130-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_130-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0408-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146401", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0408-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146401);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0408-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.180-94_121 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180562).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180030).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032.\n\nCVE-2020-29569: Fixed a use after free due to a logic error\n(bsc#1180008).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bsc#1179877).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179877).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210408-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de7ce351\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-404=1\nSUSE-SLE-SAP-12-SP3-2021-405=1 SUSE-SLE-SAP-12-SP3-2021-406=1\nSUSE-SLE-SAP-12-SP3-2021-407=1 SUSE-SLE-SAP-12-SP3-2021-408=1\nSUSE-SLE-SAP-12-SP3-2021-409=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-410=1\nSUSE-SLE-SAP-12-SP2-2021-411=1 SUSE-SLE-SAP-12-SP2-2021-412=1\nSUSE-SLE-SAP-12-SP2-2021-413=1 SUSE-SLE-SAP-12-SP2-2021-414=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-404=1\nSUSE-SLE-SERVER-12-SP3-2021-405=1 SUSE-SLE-SERVER-12-SP3-2021-406=1\nSUSE-SLE-SERVER-12-SP3-2021-407=1 SUSE-SLE-SERVER-12-SP3-2021-408=1\nSUSE-SLE-SERVER-12-SP3-2021-409=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-410=1\nSUSE-SLE-SERVER-12-SP2-2021-411=1 SUSE-SLE-SERVER-12-SP2-2021-412=1\nSUSE-SLE-SERVER-12-SP2-2021-413=1 SUSE-SLE-SERVER-12-SP2-2021-414=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_129-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_135-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_138-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_141-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_146-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_116-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_121-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_124-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_124-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_127-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_127-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_130-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_130-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_135-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_116-default-7-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_116-default-debuginfo-7-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_121-default-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_121-default-debuginfo-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_124-default-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_124-default-debuginfo-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_127-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_127-default-debuginfo-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_130-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_130-default-debuginfo-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_135-default-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_135-default-debuginfo-3-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_129-default-8-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_135-default-6-2.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_138-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_141-default-5-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_146-default-3-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:14:04", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9037 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. (CVE-2021-20177)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-20177"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9037.NASL", "href": "https://www.tenable.com/plugins/nessus/148549", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9037.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148549);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2021-20177\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0077-S\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9037 advisory.\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged\n user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the\n system. Kernel before kernel 5.5-rc1 is affected. (CVE-2021-20177)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9037.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2036.103.3.el7uek', '5.4.17-2036.103.3.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9037');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.103.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.103.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2036.103.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2036.103.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.103.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.103.3.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:51:12", "description": "The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27825", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0095-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0095-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144908);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27825\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0095-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210095-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?283ed3db\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2021-95=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:54:28", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2021-20177: Fixed a kernel panic related to iptables string matching rules. A privileged user could insert a rule which could lead to denial of service (bnc#1180765).\n\nCVE-2021-0342: In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required.\n(bnc#1180812)\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-36158: Fixed an issue wich might have allowed a remote attackers to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559).\n\nCVE-2020-28374: Fixed a vulnerability caused by insufficient identifier checking in the LIO SCSI target code. This could have been used by a remote attackers to read or write files via directory traversal in an XCOPY request (bnc#1178372).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0348-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25639", "CVE-2020-27835", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-36158", "CVE-2021-0342", "CVE-2021-20177", "CVE-2021-3347"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0348-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146362", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0348-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146362);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-25639\",\n \"CVE-2020-27835\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-36158\",\n \"CVE-2021-0342\",\n \"CVE-2021-3347\",\n \"CVE-2021-20177\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0348-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2021-20177: Fixed a kernel panic related to iptables string\nmatching rules. A privileged user could insert a rule which could lead\nto denial of service (bnc#1180765).\n\nCVE-2021-0342: In tun_get_user of tun.c, there is possible memory\ncorruption due to a use after free. This could lead to local\nescalation of privilege with System execution privileges required.\n(bnc#1180812)\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl\n(bnc#1176846).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-36158: Fixed an issue wich might have allowed a remote\nattackers to execute arbitrary code via a long SSID value in\nmwifiex_cmd_802_11_ad_hoc_start() (bnc#1180559).\n\nCVE-2020-28374: Fixed a vulnerability caused by insufficient\nidentifier checking in the LIO SCSI target code. This could have been\nused by a remote attackers to read or write files via directory\ntraversal in an XCOPY request (bnc#1178372).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=901327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0342/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20177/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210348-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00638af0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-348=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.44.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.44.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:59:43", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.(CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.(CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.(CVE-2021-27364)\n\n - Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ('ovl: stack file ops'). This was fixed in kernel version 5.8 by commits 56230d9 ('ovl: verify permissions in ovl_path_open()'), 48bd024 ('ovl: switch to mounter creds in readdir') and 05acefb ('ovl: check permission to open real file'). Additionally, commits 130fdbc ('ovl: pass correct flags for opening real directory') and 292f902 ('ovl: call secutiry hook in ovl_real_ioctl()') in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ('ovl: do not fail because of O_NOATIMEi') in kernel 5.11.(CVE-2020-16120)\n\n - A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system.(CVE-2021-20177)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is not intended to prevent this attack see also the exports(5) no_subtree_check default behavior.(CVE-2021-3178)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.(CVE-2021-3348)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.(CVE-2021-3347)\n\n - A flaw was found in the Linux kernel. The marvell wifi driver could allow a local attacker to execute arbitrary code via a long SSID value in mwifiex_cmd_802_11_ad_hoc_start function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the backing store. The highest threat from this vulnerability is to integrity. In addition, this flaw affects the tcmu-runner package, where the affected SCSI command is called.(CVE-2020-28374)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1715)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16120", "CVE-2020-28374", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3178", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1715.NASL", "href": "https://www.tenable.com/plugins/nessus/148634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148634);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-16120\",\n \"CVE-2020-28374\",\n \"CVE-2020-36158\",\n \"CVE-2021-3178\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\",\n \"CVE-2021-20177\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1715)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in the Linux kernel through\n 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an\n iSCSI transport is registered with the iSCSI subsystem,\n the transport's handle is available to unprivileged\n users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When\n read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which\n leaks the handle. This handle is actually the pointer\n to an iscsi_transport struct in the kernel module's\n global variables.(CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through\n 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can\n exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI,\n and has a length up to the maximum length of a Netlink\n message.(CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through\n 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged\n user to craft Netlink messages.(CVE-2021-27364)\n\n - Overlayfs did not properly perform permission checking\n when copying up files in an overlayfs and could be\n exploited from within a user namespace, if, for\n example, unprivileged user namespaces were allowed. It\n was possible to have a file not readable by an\n unprivileged user to be copied to a mountpoint\n controlled by the user, like a removable device. This\n was introduced in kernel version 4.19 by commit d1d04ef\n ('ovl: stack file ops'). This was fixed in kernel\n version 5.8 by commits 56230d9 ('ovl: verify\n permissions in ovl_path_open()'), 48bd024 ('ovl: switch\n to mounter creds in readdir') and 05acefb ('ovl: check\n permission to open real file'). Additionally, commits\n 130fdbc ('ovl: pass correct flags for opening real\n directory') and 292f902 ('ovl: call secutiry hook in\n ovl_real_ioctl()') in kernel 5.8 might also be desired\n or necessary. These additional commits introduced a\n regression in overlay mounts within user namespaces\n which prevented access to files with ownership outside\n of the user namespace. This regression was mitigated by\n subsequent commit b6650da ('ovl: do not fail because of\n O_NOATIMEi') in kernel 5.11.(CVE-2020-16120)\n\n - A flaw was found in the Linux kernel's implementation\n of string matching within a packet. A privileged user\n (with root or CAP_NET_ADMIN) when inserting iptables\n rules could insert a rule which can panic the\n system.(CVE-2021-20177)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8,\n when there is an NFS export of a subdirectory of a\n filesystem, allows remote attackers to traverse to\n other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is\n not intended to prevent this attack see also the\n exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux\n kernel through 5.10.12 has an ndb_queue_rq\n use-after-free that could be triggered by local\n attackers (with access to the nbd device) via an I/O\n request at a certain point during device setup, aka\n CID-b98e762e3d71.(CVE-2021-3348)\n\n - An issue was discovered in the Linux kernel through\n 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute\n code in the kernel, aka\n CID-34b1a1ce1458.(CVE-2021-3347)\n\n - A flaw was found in the Linux kernel. The marvell wifi\n driver could allow a local attacker to execute\n arbitrary code via a long SSID value in\n mwifiex_cmd_802_11_ad_hoc_start function. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel's implementation\n of the Linux SCSI target host, where an authenticated\n attacker could write to any block on the exported SCSI\n device backing store. This flaw allows an authenticated\n attacker to send LIO block requests to the Linux system\n to overwrite data on the backing store. The highest\n threat from this vulnerability is to integrity. In\n addition, this flaw affects the tcmu-runner package,\n where the affected SCSI command is\n called.(CVE-2020-28374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1715\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?204dd1c5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2103.1.0.h443.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h443.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h443.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h443.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:01:24", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2020-27815 A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.\n\n - CVE-2020-27825 Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak.\n\n - CVE-2020-27830 Shisong Qin reported a NULL pointer dereference flaw in the Speakup screen reader core driver.\n\n - CVE-2020-28374 David Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.\n\n - CVE-2020-29568 (XSA-349) Michael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.\n\n - CVE-2020-29569 (XSA-350) Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.\n\n - CVE-2020-29660 Jann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.\n\n - CVE-2020-29661 Jann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.\n\n - CVE-2020-36158 A buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.\n\n - CVE-2021-3347 It was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.\n\n - CVE-2021-20177 A flaw was discovered in the Linux implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) can take advantage of this flaw to cause a kernel panic when inserting iptables rules.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-02T00:00:00", "type": "nessus", "title": "Debian DSA-4843-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27815", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-3347"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4843.NASL", "href": "https://www.tenable.com/plugins/nessus/146052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4843. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146052);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-27815\", \"CVE-2020-27825\", \"CVE-2020-27830\", \"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\", \"CVE-2020-36158\", \"CVE-2021-20177\", \"CVE-2021-3347\");\n script_xref(name:\"DSA\", value:\"4843\");\n\n script_name(english:\"Debian DSA-4843-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2020-27815\n A flaw was reported in the JFS filesystem code allowing\n a local attacker with the ability to set extended\n attributes to cause a denial of service.\n\n - CVE-2020-27825\n Adam 'pi3' Zabrocki reported a use-after-free flaw in\n the ftrace ring buffer resizing logic due to a race\n condition, which could result in denial of service or\n information leak.\n\n - CVE-2020-27830\n Shisong Qin reported a NULL pointer dereference flaw in\n the Speakup screen reader core driver.\n\n - CVE-2020-28374\n David Disseldorp discovered that the LIO SCSI target\n implementation performed insufficient checking in\n certain XCOPY requests. An attacker with access to a LUN\n and knowledge of Unit Serial Number assignments can take\n advantage of this flaw to read and write to any LIO\n backstore, regardless of the SCSI transport settings.\n\n - CVE-2020-29568 (XSA-349)\n Michael Kurth and Pawel Wieczorkiewicz reported that\n frontends can trigger OOM in backends by updating a\n watched path.\n\n - CVE-2020-29569 (XSA-350)\n Olivier Benjamin and Pawel Wieczorkiewicz reported a\n use-after-free flaw which can be triggered by a block\n frontend in Linux blkback. A misbehaving guest can\n trigger a dom0 crash by continuously connecting /\n disconnecting a block frontend.\n\n - CVE-2020-29660\n Jann Horn reported a locking inconsistency issue in the\n tty subsystem which may allow a local attacker to mount\n a read-after-free attack against TIOCGSID.\n\n - CVE-2020-29661\n Jann Horn reported a locking issue in the tty subsystem\n which can result in a use-after-free. A local attacker\n can take advantage of this flaw for memory corruption or\n privilege escalation.\n\n - CVE-2020-36158\n A buffer overflow flaw was discovered in the mwifiex\n WiFi driver which could result in denial of service or\n the execution of arbitrary code via a long SSID value.\n\n - CVE-2021-3347\n It was discovered that PI futexes have a kernel stack\n use-after-free during fault handling. An unprivileged\n user could use this flaw to crash the kernel (resulting\n in denial of service) or for privilege escalation.\n\n - CVE-2021-20177\n A flaw was discovered in the Linux implementation of\n string matching within a packet. A privileged user (with\n root or CAP_NET_ADMIN) can take advantage of this flaw\n to cause a kernel panic when inserting iptables rules.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-28374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-29661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-36158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-3347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-20177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4843\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.19.171-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-extra-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"efi-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fancontrol-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hyperv-daemons\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hypervisor-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ipv6-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jffs2-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower1\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-arm\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-s390\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-x86\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-config-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-cpupower\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-4kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-5kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686-pae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armel\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armhf\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-i386\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips64el\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mipsel\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-ppc64el\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp-lpae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-cloud-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common-rt\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-loongson-3\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-marvell\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-octeon\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-powerpc64le\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rpi\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-686-pae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-amd64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-arm64\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-unsigned\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x-dbg\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-amd64-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-arm64-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-i386-signed-template\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-libc-dev\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-source-4.19\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-support-4.19.0-5\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lockdep\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"rtc-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"speakup-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usbip\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-armmp-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-marvell-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-octeon-di\", reference:\"4.19.171-2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-s390x-di\", reference:\"4.19.171-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:52:36", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.(CVE-2020-28374)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0427)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function in spk_ttyio.c.(CVE-2020-27830)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2020-0465)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.(CVE-2020-27068)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - Array index out of bounds access when setting extended attributes on journaling filesystems.(CVE-2020-27815)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0427", "CVE-2020-0465", "CVE-2020-27068", "CVE-2020-27786", "CVE-2020-27815", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-28941", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1148.NASL", "href": "https://www.tenable.com/plugins/nessus/145726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145726);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-0427\",\n \"CVE-2020-0465\",\n \"CVE-2020-27068\",\n \"CVE-2020-27786\",\n \"CVE-2020-27815\",\n \"CVE-2020-27830\",\n \"CVE-2020-28374\",\n \"CVE-2020-28941\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1148)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux\n kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory\n traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the\n attacker has access to one iSCSI LUN. The attacker\n gains control over file access because I/O operations\n are proxied via an attacker-selected\n backstore.(CVE-2020-28374)\n\n - In create_pinctrl of core.c, there is a possible out of\n bounds read due to a use after free. This could lead to\n local information disclosure with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.(CVE-2020-0427)\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in\n drivers/accessibility/speakup/spk_ttyio.c in the Linux\n kernel through 5.9.9. Local attackers on systems with\n the speakup driver could cause a local denial of\n service attack, aka CID-d41227544427. This occurs\n because of an invalid free when the line discipline is\n used more than once.(CVE-2020-28941)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function\n in spk_ttyio.c.(CVE-2020-27830)\n\n - In various methods of hid-multitouch.c, there is a\n possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege\n with no additional execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2020-0465)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - In the nl80211_policy policy of nl80211.c, there is a\n possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure\n with System execution privileges needed. User\n interaction is not required for\n exploitation.(CVE-2020-27068)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - Array index out of bounds access when setting extended\n attributes on journaling filesystems.(CVE-2020-27815)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1148\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30ea9acb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h962.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T14:59:45", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2020-27815\n\nA flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.\n\nCVE-2020-27825\n\nAdam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak.\n\nCVE-2020-27830\n\nShisong Qin reported a NULL pointer dereference flaw in the Speakup screen reader core driver.\n\nCVE-2020-28374\n\nDavid Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\nMichael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\nOlivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.\n\nCVE-2020-29660\n\nJann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.\n\nCVE-2020-29661\n\nJann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\nA buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.\n\nCVE-2021-3347\n\nIt was discovered that PI futexes have a kernel stack use-after-free during fault handling. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.\n\nCVE-2021-20177\n\nA flaw was discovered in the Linux implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) can take advantage of this flaw to cause a kernel panic when inserting iptables rules.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.171-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "Debian DLA-2557-1 : linux-4.19 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27815", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-3347"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2557.NASL", "href": "https://www.tenable.com/plugins/nessus/146512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2557-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146512);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-27815\", \"CVE-2020-27825\", \"CVE-2020-27830\", \"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\", \"CVE-2020-36158\", \"CVE-2021-20177\", \"CVE-2021-3347\");\n\n script_name(english:\"Debian DLA-2557-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-27815\n\nA flaw was reported in the JFS filesystem code allowing a local\nattacker with the ability to set extended attributes to cause a denial\nof service.\n\nCVE-2020-27825\n\nAdam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring\nbuffer resizing logic due to a race condition, which could result in\ndenial of service or information leak.\n\nCVE-2020-27830\n\nShisong Qin reported a NULL pointer dereference flaw in the Speakup\nscreen reader core driver.\n\nCVE-2020-28374\n\nDavid Disseldorp discovered that the LIO SCSI target implementation\nperformed insufficient checking in certain XCOPY requests. An attacker\nwith access to a LUN and knowledge of Unit Serial Number assignments\ncan take advantage of this flaw to read and write to any LIO\nbackstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\nMichael Kurth and Pawel Wieczorkiewicz reported that frontends can\ntrigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\nOlivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\nflaw which can be triggered by a block frontend in Linux blkback. A\nmisbehaving guest can trigger a dom0 crash by continuously connecting\n/ disconnecting a block frontend.\n\nCVE-2020-29660\n\nJann Horn reported a locking inconsistency issue in the tty subsystem\nwhich may allow a local attacker to mount a read-after-free attack\nagainst TIOCGSID.\n\nCVE-2020-29661\n\nJann Horn reported a locking issue in the tty subsystem which can\nresult in a use-after-free. A local attacker can take advantage of\nthis flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\nA buffer overflow flaw was discovered in the mwifiex WiFi driver which\ncould result in denial of service or the execution of arbitrary code\nvia a long SSID value.\n\nCVE-2021-3347\n\nIt was discovered that PI futexes have a kernel stack use-after-free\nduring fault handling. An unprivileged user could use this flaw to\ncrash the kernel (resulting in denial of service) or for privilege\nescalation.\n\nCVE-2021-20177\n\nA flaw was discovered in the Linux implementation of string matching\nwithin a packet. A privileged user (with root or CAP_NET_ADMIN) can\ntake advantage of this flaw to cause a kernel panic when inserting\niptables rules.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.171-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.171-2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.171-2~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:52:36", "description": "The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup (bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-29370", "CVE-2020-29373", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0108-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0108-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144959);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27825\",\n \"CVE-2020-27830\",\n \"CVE-2020-29370\",\n \"CVE-2020-29373\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during\npath lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup\n(bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk\n(bnc#1179435).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27830/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29370/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29373/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210108-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e05a131\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-108=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:51:38", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-01-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0118-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145018);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210118-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3fabc347\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-118=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-118=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:52:41", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0133-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0133-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145120);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210133-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b2ee691\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-133=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2021-133=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.57.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:59:45", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4912-1 advisory.\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0423", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-14351", "CVE-2020-14390", "CVE-2020-25285", "CVE-2020-25645", "CVE-2020-25669", "CVE-2020-27830", "CVE-2020-36158", "CVE-2021-20194", "CVE-2021-29154", "CVE-2021-3178", "CVE-2021-3411"], "modified": "2021-04-15T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1053-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04"], "id": "UBUNTU_USN-4912-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148494", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4912-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148494);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/15\");\n\n script_cve_id(\n \"CVE-2020-0423\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-14351\",\n \"CVE-2020-14390\",\n \"CVE-2020-25285\",\n \"CVE-2020-25645\",\n \"CVE-2020-25669\",\n \"CVE-2020-27830\",\n \"CVE-2020-36158\",\n \"CVE-2021-3178\",\n \"CVE-2021-3411\",\n \"CVE-2021-20194\",\n \"CVE-2021-29154\"\n );\n script_xref(name:\"USN\", value:\"4912-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4912-1 advisory.\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could\n lead to local escalation of privilege in the kernel with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic\n error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a\n subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via\n READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this\n attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found\n while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config\n params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,\n CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution,\n the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap\n overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly\n privileges escalation. (CVE-2021-20194)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4912-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-image-5.6.0-1053-oem and / or linux-image-oem-20.04 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1053-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-0423', 'CVE-2020-0465', 'CVE-2020-0466', 'CVE-2020-14351', 'CVE-2020-14390', 'CVE-2020-25285', 'CVE-2020-25645', 'CVE-2020-25669', 'CVE-2020-27830', 'CVE-2020-36158', 'CVE-2021-3178', 'CVE-2021-3411', 'CVE-2021-20194', 'CVE-2021-29154');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4912-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'linux-image-5.6.0-1053-oem', 'pkgver': '5.6.0-1053.57'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.6.0.1053.49'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.6.0-1053-oem / linux-image-oem-20.04');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:53:08", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup (bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-01-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27830", "CVE-2020-28374", "CVE-2020-29370", "CVE-2020-29373", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0117-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145025);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27830\",\n \"CVE-2020-28374\",\n \"CVE-2020-29370\",\n \"CVE-2020-29373\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-29373: Fixed an unsafe handling of the root directory during\npath lookups in fs/io_uring.c (bnc#1179434).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-27830: Fixed a NULL pointer dereference in speakup\n(bsc#1179656).\n\nCVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk\n(bnc#1179435).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1161099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27830/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29370/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29373/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210117-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57d64693\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-117=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-117=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-117=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.46.1.9.19.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.46.1.9.19.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.46.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.46.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:53:07", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29568: An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable (bnc#1179508).\n\n - CVE-2020-29569: The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback (bnc#1179509).\n\n - CVE-2020-25639: Bail out of nouveau_channel_new if channel init fails (bsc#1176846).\n\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN.\n The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore (bnc#1178372 1180676).\n\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332 (bnc#1180559).\n\n - CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960).\n\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180031).\n\n - CVE-2020-27068: In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation (bnc#1180086).\n\n - CVE-2020-0465: In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180029).\n\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180027).\n\n - CVE-2020-29660: A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may have allowed a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24 (bnc#1179745).\n\n - CVE-2020-29661: A locking issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_jobctrl.c allowed a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b (bnc#1179745).\n\n - CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel (bnc#1179107).\n\n - CVE-2020-11668: In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandled invalid descriptors, aka CID-a246b4d54770 (bnc#1168952).\n\n - CVE-2019-20934: An issue was discovered in the Linux kernel On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c (bnc#1179663).\n\n - CVE-2020-27786: A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation (bnc#1179601).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n\nThe following non-security bugs were fixed :\n\n - ACPI: PNP: compare the string length in the matching_id() (git-fixes).\n\n - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes).\n\n - ACPICA: Do not increment operation_region reference counts for field units (git-fixes).\n\n - ALSA: ca0106: fix error code handling (git-fixes).\n\n - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes).\n\n - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).\n\n - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).\n\n - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).\n\n - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).\n\n - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).\n\n - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).\n\n - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).\n\n - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes).\n\n - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).\n\n - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).\n\n - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes).\n\n - ALSA: hda: Fix potential race in unsol event handler (git-fixes).\n\n - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).\n\n - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).\n\n - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).\n\n - ALSA: line6: Perform sanity check for each URB creation (git-fixes).\n\n - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).\n\n - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).\n\n - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).\n\n - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes).\n\n - ALSA: timer: Limit max amount of slave instances (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes).\n\n - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes).\n\n - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).\n\n - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).\n\n - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).\n\n - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).\n\n - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes).\n\n - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).\n\n - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).\n\n - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n\n - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).\n\n - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).\n\n - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes).\n\n - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).\n\n - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).\n\n - ASoC: pcm: DRAIN support reactivation (git-fixes).\n\n - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).\n\n - ASoC: sti: fix possible sleep-in-atomic (git-fixes).\n\n - ASoC: wm8904: fix regcache handling (git-fixes).\n\n - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).\n\n - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).\n\n - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes).\n\n - Avoid a GCC warning about '/*' within a comment.\n\n - Bluetooth: Fix advertising duplicated flags (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in hci_event_packet() (git-fixes).\n\n - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).\n\n - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).\n\n - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes).\n\n - Drop a backported uvcvideo patch that caused a regression (bsc#1180117) Also blacklisting the commit\n\n - EDAC/amd64: Fix PCI component registration (bsc#1112178).\n\n - HID: Add another Primax PIXART OEM mouse quirk (git-fixes).\n\n - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).\n\n - HID: Improve Windows Precision Touchpad detection (git-fixes).\n\n - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).\n\n - HID: core: Correctly handle ReportSize being zero (git-fixes).\n\n - HID: core: check whether Usage Page item is after Usage ID items (git-fixes).\n\n - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).\n\n - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).\n\n - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes).\n\n - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes).\n\n - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).\n\n - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).\n\n - Input: ads7846 - fix race that causes missing releases (git-fixes).\n\n - Input: ads7846 - fix unaligned access on 7845 (git-fixes).\n\n - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).\n\n - Input: cm109 - do not stomp on control URB (git-fixes).\n\n - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).\n\n - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).\n\n - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).\n\n - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).\n\n - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).\n\n - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).\n\n - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).\n\n - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).\n\n - Input: omap4-keypad - fix runtime PM error handling (git-fixes).\n\n - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).\n\n - Input: trackpoint - add new trackpoint variant IDs (git-fixes).\n\n - Input: trackpoint - enable Synaptics trackpoints (git-fixes).\n\n - Input: xpad - support Ardwiino Controllers (git-fixes).\n\n - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178).\n\n - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).\n\n - NFS: fix nfs_path in case of a rename retry (git-fixes).\n\n - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).\n\n - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).\n\n - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).\n\n - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).\n\n - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes).\n\n - PCI: Do not disable decoding when mmio_always_on is set (git-fixes).\n\n - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).\n\n - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes).\n\n - PM: ACPI: Output correct message on target power state (git-fixes).\n\n - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).\n\n - Revert 'ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks' (git-fixes).\n\n - Revert 'ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO' (git-fixes).\n\n - Revert 'PM / devfreq: Modify the device name as devfreq(X) for sysfs' (git-fixes).\n\n - Revert 'device property: Keep secondary firmware node secondary by type' (git-fixes).\n\n - Revert 'platform/x86: wmi: Destroy on cleanup rather than unregister' (git-fixes).\n\n - Revert 'powerpc/pseries/hotplug-cpu: Remove double free in error path' (bsc#1065729).\n\n - Revert 'serial: amba-pl011: Make sure we initialize the port.lock spinlock' (git-fixes).\n\n - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).\n\n - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).\n\n - SMB3: Honor lease disabling for multiuser mounts (git-fixes).\n\n - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes).\n\n - SUNRPC: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes).\n\n - USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).\n\n - USB: Skip endpoints with 0 maxpacket length (git-fixes).\n\n - USB: UAS: introduce a quirk to set no_write_same (git-fixes).\n\n - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).\n\n - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes).\n\n - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).\n\n - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).\n\n - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).\n\n - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).\n\n - USB: ldusb: use unsigned size format specifiers (git-fixes).\n\n - USB: serial: ch341: add new Product ID for CH341A (git-fixes).\n\n - USB: serial: ch341: sort device-id entries (git-fixes).\n\n - USB: serial: digi_acceleport: clean up modem-control handling (git-fixes).\n\n - USB: serial: digi_acceleport: clean up set_termios (git-fixes).\n\n - USB: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).\n\n - USB: serial: digi_acceleport: remove in_interrupt() usage.\n\n - USB: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes).\n\n - USB: serial: digi_acceleport: rename tty flag variable (git-fixes).\n\n - USB: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes).\n\n - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).\n\n - USB: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).\n\n - USB: serial: keyspan_pda: fix stalled writes (git-fixes).\n\n - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).\n\n - USB: serial: keyspan_pda: fix write deadlock (git-fixes).\n\n - USB: serial: keyspan_pda: fix write unthrottling (git-fixes).\n\n - USB: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).\n\n - USB: serial: kl5kusb105: fix memleak on open (git-fixes).\n\n - USB: serial: mos7720: fix parallel-port state restore (git-fixes).\n\n - USB: serial: option: add Fibocom NL668 variants (git-fixes).\n\n - USB: serial: option: add interface-number sanity check to flag handling (git-fixes).\n\n - USB: serial: option: add support for Thales Cinterion EXS82 (git-fixes).\n\n - USB: serial: option: fix Quectel BG96 matching (git-fixes).\n\n - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes).\n\n - USB: yurex: fix control-URB timeout handling (git-fixes).\n\n - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes).\n\n - ath10k: Fix an error handling path (git-fixes).\n\n - ath10k: Release some resources in an error handling path (git-fixes).\n\n - ath10k: Remove msdu from idr when management pkt send fails (git-fixes).\n\n - ath10k: fix backtrace on coredump (git-fixes).\n\n - ath10k: fix get invalid tx rate for Mesh metric (git-fixes).\n\n - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes).\n\n - ath6kl: fix enum-conversion warning (git-fixes).\n\n - ath9k_htc: Discard undersized packets (git-fixes).\n\n - ath9k_htc: Modify byte order for an error message (git-fixes).\n\n - ath9k_htc: Silence undersized packet warnings (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes).\n\n - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).\n\n - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).\n\n - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).\n\n - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).\n\n - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).\n\n - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).\n\n - can: mcp251x: add error check when wq alloc failed (git-fixes).\n\n - can: softing: softing_netdev_open(): fix error handling (git-fixes).\n\n - cfg80211: initialize rekey_data (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n\n - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).\n\n - cifs: allow syscalls to be restarted in\n __smb_send_rqst() (bsc#1176956).\n\n - cifs: fix check of tcon dfs in smb1 (bsc#1178270).\n\n - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).\n\n - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).\n\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).\n\n - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).\n\n - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).\n\n - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).\n\n - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes).\n\n - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).\n\n - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).\n\n - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).\n\n - clk: tegra: Fix Tegra PMC clock out parents (git-fixes).\n\n - clk: tegra: Fix duplicated SE clock entry (git-fixes).\n\n - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).\n\n - clk: ti: composite: fix memory leak (git-fixes).\n\n - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).\n\n - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).\n\n - coredump: fix core_pattern parse error (git-fixes).\n\n - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).\n\n - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).\n\n - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).\n\n - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).\n\n - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).\n\n - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).\n\n - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).\n\n - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes).\n\n - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).\n\n - docs: Fix reST markup when linking to sections (git-fixes).\n\n - drivers: base: Fix NULL pointer exception in\n __platform_driver_probe() if a driver developer is foolish (git-fixes).\n\n - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).\n\n - drm/amd/display: remove useless if/else (git-fixes).\n\n - drm/amdgpu: fix build_coefficients() argument (git-fixes).\n\n - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).\n\n - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770)\n\n - drm/gma500: fix double free of gma_connector (git-fixes).\n\n - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).\n\n - drm/msm/dpu: Add newline to printks (git-fixes).\n\n - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).\n\n - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).\n\n - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).\n\n - epoll: Keep a reference on files added to the check list (bsc#1180031).\n\n - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).\n\n - ext4: correctly report 'not supported' for (usr,grp)jquota when !CONFIG_QUOTA (bsc#1179672).\n\n - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).\n\n - ext4: fix error handling code in add_new_gdb (bsc#1179722).\n\n - ext4: fix invalid inode checksum (bsc#1179723).\n\n - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).\n\n - ext4: limit entries returned when counting fsmap records (bsc#1179671).\n\n - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).\n\n - extcon: max77693: Fix modalias string (git-fixes).\n\n - fbcon: Fix user font detection test at fbcon_resize().\n (bsc#1112178)\n\n - fbcon: Remove the superfluous break (bsc#1129770)\n\n - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes).\n\n - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).\n\n - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).\n\n - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).\n\n - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).\n\n - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).\n\n - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).\n\n - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes).\n\n - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).\n\n - gpio: max77620: Fixup debounce delays (git-fixes).\n\n - gpio: max77620: Use correct unit for debounce times (git-fixes).\n\n - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).\n\n - gpio: mvebu: fix potential user-after-free on probe (git-fixes).\n\n - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes).\n\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes).\n\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes).\n\n - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).\n\n - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes).\n\n - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes).\n\n - gpiolib: fix up emulated open drain outputs (git-fixes).\n\n - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).\n\n - hwmon: (jc42) Fix name to have no illegal characters (git-fixes).\n\n - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).\n\n - i2c: i801: Fix resume bug (git-fixes).\n\n - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes).\n\n - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes).\n\n - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).\n\n - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).\n\n - ibmvnic: add some debugs (bsc#1179896 ltc#190255).\n\n - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).\n\n - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).\n\n - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).\n\n - ibmvnic: enhance resetting status check during module exit (bsc#1065729).\n\n - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).\n\n - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).\n\n - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).\n\n - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).\n\n - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).\n\n - iio: adc: max1027: Reset the device at probe time (git-fixes).\n\n - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).\n\n - iio: bmp280: fix compensation of humidity (git-fixes).\n\n - iio: buffer: Fix demux update (git-fixes).\n\n - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).\n\n - iio: fix center temperature of bmc150-accel-core (git-fixes).\n\n - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes).\n\n - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes).\n\n - iio: srf04: fix wrong limitation in distance measuring (git-fixes).\n\n - iio:imu:bmi160: Fix too large a buffer (git-fixes).\n\n - iio:pressure:mpl3115: Force alignment of buffer (git-fixes).\n\n - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).\n\n - ipw2x00: Fix -Wcast-function-type (git-fixes).\n\n - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes).\n\n - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).\n\n - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).\n\n - iwlwifi: pcie: limit memory read spin time (git-fixes).\n\n - kABI fix for g2d (git-fixes).\n\n - kABI workaround for HD-audio generic parser (git-fixes).\n\n - kABI workaround for dsa/b53 changes (git-fixes).\n\n - kABI workaround for net/ipvlan changes (git-fixes).\n\n - kABI: ath10k: move a new structure member to the end (git-fixes).\n\n - kABI: genirq: add back irq_create_mapping (bsc#1065729).\n\n - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).\n\n - kernel-(binary,source).spec.in: do not create loop symlinks (bsc#1179082)\n\n - kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n\n - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes).\n\n - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).\n\n - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).\n\n - mac80211: fix authentication with iwlwifi/mvm (git-fixes).\n\n - mac80211: fix use of skb payload instead of header (git-fixes).\n\n - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).\n\n - matroxfb: avoid -Warray-bounds warning (git-fixes).\n\n - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).\n\n - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).\n\n - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).\n\n - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).\n\n - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).\n\n - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).\n\n - md/cluster: block reshape with remote resync job (bsc#1163727).\n\n - md/cluster: fix deadlock when node is doing resync job (bsc#1163727).\n\n - md/raid5: fix oops during stripe resizing (git-fixes).\n\n - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes).\n\n - media: cec-funcs.h: add status_req checks (git-fixes).\n\n - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes).\n\n - media: gp8psk: initialize stats at power control logic (git-fixes).\n\n - media: gspca: Fix memory leak in probe (git-fixes).\n\n - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).\n\n - media: i2c: ov2659: Fix missing 720p register config (git-fixes).\n\n - media: i2c: ov2659: fix s_stream return value (git-fixes).\n\n - media: msi2500: assign SPI bus number dynamically (git-fixes).\n\n - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).\n\n - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).\n\n - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes).\n\n - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).\n\n - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).\n\n - media: si470x-i2c: add missed operations in remove (git-fixes).\n\n - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).\n\n - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).\n\n - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes).\n\n - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).\n\n - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).\n\n - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes).\n\n - media: uvcvideo: Set media controller entity functions (git-fixes).\n\n - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).\n\n - media: v4l2-async: Fix trivial documentation typo (git-fixes).\n\n - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).\n\n - media: v4l2-device.h: Explicitly compare grp(id,mask) to zero in v4l2_device macros (git-fixes).\n\n - mei: bus: do not clean driver pointer (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference (git-fixes).\n\n - memstick: fix a double-free bug in memstick_check (git-fixes).\n\n - memstick: r592: Fix error return in r592_probe() (git-fixes).\n\n - mfd: rt5033: Fix errorneous defines (git-fixes).\n\n - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).\n\n - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes).\n\n - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).\n\n - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).\n\n - mm: do not wake kswapd prematurely when watermark boosting is disabled (git fixes (mm/vmscan)).\n\n - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).\n\n - net/smc: fix valid DMBE buffer sizes (git-fixes).\n\n - net/x25: prevent a couple of overflows (bsc#1178590).\n\n - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).\n\n - net: aquantia: fix LRO with FCS error (git-fixes).\n\n - net: bcmgenet: reapply manual settings to the PHY (git-fixes).\n\n - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() (git-fixes).\n\n - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes).\n\n - net: dsa: b53: Ensure the default VID is untagged (git-fixes).\n\n - net: dsa: b53: Fix default VLAN ID (git-fixes).\n\n - net: dsa: b53: Properly account for VLAN filtering (git-fixes).\n\n - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).\n\n - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes).\n\n - net: dsa: qca8k: remove leftover phy accessors (git-fixes).\n\n - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() (git-fixes).\n\n - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes).\n\n - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).\n\n - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).\n\n - net: macb: add missing barriers when reading descriptors (git-fixes).\n\n - net: macb: fix dropped RX frames due to a race (git-fixes).\n\n - net: macb: fix error format in dev_err() (git-fixes).\n\n - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - blacklist.conf :\n\n - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).\n\n - net: phy: Avoid multiple suspends (git-fixes).\n\n - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).\n\n - net: phy: micrel: make sure the factory test bit is cleared (git-fixes).\n\n - net: qca_spi: Move reset_count to struct qcaspi (git-fixes).\n\n - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes).\n\n - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).\n\n - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).\n\n - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).\n\n - net: stmmac: Fix reception of Broadcom switches tags (git-fixes).\n\n - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes).\n\n - net: stmmac: fix csr_clk can't be zero issue (git-fixes).\n\n - net: stmmac: fix length of PTP clock's name string (git-fixes).\n\n - net: stmmac: gmac4+: Not all Unicast addresses may be available (git-fixes).\n\n - net: usb: sr9800: fix uninitialized local variable (git-fixes).\n\n - net:ethernet:aquantia: Extra spinlocks removed (git-fixes).\n\n - nfc: s3fwrn5: Release the nfc firmware (git-fixes).\n\n - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).\n\n - ocfs2: fix unbalanced locking (bsc#1180506).\n\n - ocfs2: initialize ip_next_orphan (bsc#1179724).\n\n - orinoco: Move context allocation after processing the skb (git-fixes).\n\n - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).\n\n - parport: load lowlevel driver if ports not found (git-fixes).\n\n - phy: Revert toggling reset changes (git-fixes).\n\n - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).\n\n - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).\n\n - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).\n\n - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).\n\n - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).\n\n - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).\n\n - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).\n\n - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).\n\n - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).\n\n - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: remove an unused variable (git-fixes).\n\n - power: supply: bq24190_charger: fix reference leak (git-fixes).\n\n - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).\n\n - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).\n\n - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).\n\n - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).\n\n - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).\n\n - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).\n\n - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).\n\n - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630).\n\n - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284).\n\n - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).\n\n - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#189284 git-fixes).\n\n - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284).\n\n - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).\n\n - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).\n\n - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).\n\n - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).\n\n - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630).\n\n - powerpc: Fix incorrect stw(, ux, u, x) instructions in\n __set_pte_at (bsc#1065729).\n\n - ppp: remove the PPPIOCDETACH ioctl (git-fixes).\n\n - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).\n\n - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).\n\n - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).\n\n - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).\n\n - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).\n\n - regmap: debugfs: check count when read regmap file (git-fixes).\n\n - regmap: dev_get_regmap_match(): fix string comparison (git-fixes).\n\n - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes).\n\n - regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes).\n\n - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).\n\n - reiserfs: Fix oops during mount (bsc#1179715).\n\n - reiserfs: Initialize inode keys properly (bsc#1179713).\n\n - remoteproc: Fix wrong rvring index computation (git-fixes).\n\n - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) \n\n - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) \n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) \n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost symlinks (boo#1179082).\n\n - rtc: 88pm860x: fix possible race condition (git-fixes).\n\n - rtc: hym8563: enable wakeup when applicable (git-fixes).\n\n - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes).\n\n - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpuinfo: show processor physical address (git-fixes).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n\n - s390/dasd: fix hanging device offline processing (bsc#1144912).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests (git-fixes).\n\n - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).\n\n - s390/qeth: fix af_iucv notification race (git-fixes).\n\n - s390/qeth: fix tear down of async TX buffers (git-fixes).\n\n - s390/qeth: make af_iucv TX notification call more robust (git-fixes).\n\n - s390/stp: add locking to sysfs functions (git-fixes).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: Remove unneeded break statements (bsc#1164780).\n\n - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes).\n\n - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).\n\n - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780).\n\n - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780).\n\n - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780).\n\n - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).\n\n - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780).\n\n - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780).\n\n - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780).\n\n - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).\n\n - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780).\n\n - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780).\n\n - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).\n\n - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).\n\n - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).\n\n - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).\n\n - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780).\n\n - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).\n\n - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780).\n\n - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780).\n\n - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780).\n\n - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780).\n\n - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780).\n\n - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780).\n\n - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780).\n\n - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780).\n\n - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780).\n\n - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780).\n\n - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780).\n\n - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).\n\n - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).\n\n - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780).\n\n - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).\n\n - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780).\n\n - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).\n\n - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).\n\n - scsi: lpfc: Rework remote port lock handling (bsc#1164780).\n\n - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780).\n\n - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780).\n\n - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).\n\n - scsi: lpfc: Use generic power management (bsc#1164780).\n\n - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780).\n\n - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780).\n\n - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780).\n\n - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780).\n\n - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).\n\n - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).\n\n - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).\n\n - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).\n\n - serial: ar933x_uart: set UART_CS_(RX,TX)_READY_ORIDE (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n\n - serial_core: Check for port state when tty is in error state (git-fixes).\n\n - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).\n\n - soc: imx: gpc: fix power up sequencing (git-fixes).\n\n - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).\n\n - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).\n\n - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).\n\n - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).\n\n - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes).\n\n - spi: Fix memory leak on splited transfers (git-fixes).\n\n - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).\n\n - spi: davinci: Fix use-after-free on unbind (git-fixes).\n\n - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).\n\n - spi: dw: Fix Rx-only DMA transfers (git-fixes).\n\n - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes).\n\n - spi: img-spfi: fix potential double release (git-fixes).\n\n - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).\n\n - spi: pic32: Do not leak DMA channels in probe error path (git-fixes).\n\n - spi: pxa2xx: Add missed security checks (git-fixes).\n\n - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).\n\n - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).\n\n - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).\n\n - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).\n\n - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).\n\n - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes).\n\n - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).\n\n - spi: st-ssc4: add missed pm_runtime_disable (git-fixes).\n\n - spi: tegra114: fix reference leak in tegra spi ops (git-fixes).\n\n - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).\n\n - spi: tegra20-slink: add missed clk_unprepare (git-fixes).\n\n - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).\n\n - splice: only read in as much information as there is pipe buffer space (bsc#1179520).\n\n - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).\n\n - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes).\n\n - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).\n\n - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).\n\n - staging: olpc_dcon: add a missing dependency (git-fixes).\n\n - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes).\n\n - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).\n\n - staging: rtl8188eu: fix possible null dereference (git-fixes).\n\n - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).\n\n - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).\n\n - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes).\n\n - staging: wlan-ng: properly check endpoint types (git-fixes).\n\n - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).\n\n - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes).\n\n - timer: Fix wheel index calculation on last level (git fixes)\n\n - timer: Prevent base->clk from moving backward (git-fixes)\n\n - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).\n\n - tty: always relink the port (git-fixes).\n\n - tty: link tty and port before configuring it as console (git-fixes).\n\n - tty: synclink_gt: Adjust indentation in several functions (git-fixes).\n\n - tty: synclinkmp: Adjust indentation in several functions (git-fixes).\n\n - tty:serial:mvebu-uart:fix a wrong return (git-fixes).\n\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).\n\n - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes).\n\n - usb: dwc2: Fix IN FIFO allocation (git-fixes).\n\n - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).\n\n - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes).\n\n - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).\n\n - usb: fsl: Check memory resource before releasing it (git-fixes).\n\n - usb: gadget: composite: Fix possible double free memory bug (git-fixes).\n\n - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).\n\n - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes).\n\n - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes).\n\n - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes).\n\n - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).\n\n - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).\n\n - usb: gadget: fix wrong endpoint desc (git-fixes).\n\n - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n\n - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).\n\n - usb: gadget: select CONFIG_CRC32 (git-fixes).\n\n - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).\n\n - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes).\n\n - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes).\n\n - usb: hso: Fix debug compile warning on sparc32 (git-fixes).\n\n - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes).\n\n - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).\n\n - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).\n\n - usblp: poison URBs upon disconnect (git-fixes).\n\n - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).\n\n - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).\n\n - vt: Reject zero-sized screen buffer size (git-fixes).\n\n - vt: do not hardcode the mem allocation upper bound (git-fixes).\n\n - wan: ds26522: select CONFIG_BITREVERSE (git-fixes).\n\n - watchdog: coh901327: add COMMON_CLK dependency (git-fixes).\n\n - watchdog: da9062: No need to ping manually before setting timeout (git-fixes).\n\n - watchdog: da9062: do not ping the hw during stop() (git-fixes).\n\n - watchdog: qcom: Avoid context switch in restart handler (git-fixes).\n\n - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).\n\n - wil6210: select CONFIG_CRC32 (git-fixes).\n\n - wimax: fix duplicate initializer warning (git-fixes).\n\n - wireless: Use linux/stddef.h instead of stddef.h (git-fixes).\n\n - wireless: Use offsetof instead of custom macro (git-fixes).\n\n - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178).\n\n - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178).\n\n - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).\n\n - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).\n\n - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).\n\n - x86/mm: Fix leak of pmd ptlock (bsc#1112178).\n\n - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1112178).\n\n - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178).\n\n - x86/resctrl: Do not move a task to the same resource group (bsc#1112178).\n\n - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178).\n\n - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178).\n\n - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).\n\n - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1112178).\n\n - x86/speculation: Fix prctl() when spectre_v2_user=(seccomp,prctl),ibpb (bsc#1112178).\n\n - x86/tracing: Introduce a static key for exception tracing (bsc#1179895).\n\n - x86/traps: Simplify pagefault tracing logic (bsc#1179895).\n\n - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).\n\n - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).\n\n - xprtrdma: fix incorrect header size calculations (git-fixes).", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-25639", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2021-75.NASL", "href": "https://www.tenable.com/plugins/nessus/145287", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-75.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145287);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-11668\",\n \"CVE-2020-25639\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29568: An issue was discovered in Xen through\n 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD)\n are processing watch events using a single thread. If\n the events are received faster than the thread is able\n to handle, they will get queued. As the queue is\n unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD\n (any version) dom0 are vulnerable (bnc#1179508).\n\n - CVE-2020-29569: The Linux kernel PV block backend\n expects the kernel thread handler to reset ring->xenblkd\n to NULL when stopped. However, the handler may not have\n time to run if the frontend quickly toggles between the\n states connect and disconnect. As a consequence, the\n block backend may re-use a pointer after it was freed. A\n misbehaving guest can trigger a dom0 crash by\n continuously connecting / disconnecting a block\n frontend. Privilege escalation and information leaks\n cannot be ruled out. This only affects systems with a\n Linux blkback (bnc#1179509).\n\n - CVE-2020-25639: Bail out of nouveau_channel_new if\n channel init fails (bsc#1176846).\n\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c\n insufficient identifier checking in the LIO SCSI target\n code can be used by remote attackers to read or write\n files via directory traversal in an XCOPY request, aka\n CID-2896c93811e3. For example, an attack can occur over\n a network if the attacker has access to one iSCSI LUN.\n The attacker gains control over file access because I/O\n operations are proxied via an attacker-selected\n backstore (bnc#1178372 1180676).\n\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c might allow\n remote attackers to execute arbitrary code via a long\n SSID value, aka CID-5c455c5ab332 (bnc#1180559).\n\n - CVE-2020-27825: A use-after-free flaw was found in\n kernel/trace/ring_buffer.c. There was a race problem in\n trace_open and resize of cpu buffer running parallely on\n different cpus, may cause a denial of service problem\n (DOS). This flaw could even allow a local attacker with\n special user privilege to a kernel information leak\n threat (bnc#1179960).\n\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of\n eventpoll.c, there is a possible use after free due to a\n logic error. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180031).\n\n - CVE-2020-27068: In the nl80211_policy policy of\n nl80211.c, there is a possible out of bounds read due to\n a missing bounds check. This could lead to local\n information disclosure with System execution privileges\n needed. User interaction is not required for\n exploitation (bnc#1180086).\n\n - CVE-2020-0465: In various methods of hid-multitouch.c,\n there is a possible out of bounds write due to a missing\n bounds check. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180029).\n\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c,\n there is a possible bad kfree due to a logic error in\n audit_data_to_entry. This could lead to local escalation\n of privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180027).\n\n - CVE-2020-29660: A locking inconsistency issue was\n discovered in the tty subsystem of the Linux kernel\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n have allowed a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24 (bnc#1179745).\n\n - CVE-2020-29661: A locking issue was discovered in the\n tty subsystem of the Linux kernel\n drivers/tty/tty_jobctrl.c allowed a use-after-free\n attack against TIOCSPGRP, aka CID-54ffccbf053b\n (bnc#1179745).\n\n - CVE-2020-27777: A flaw was found in the way RTAS handled\n memory accesses in userspace to kernel communication. On\n a locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel (bnc#1179107).\n\n - CVE-2020-11668: In the Linux kernel before 5.6.1,\n drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink\n camera USB driver) mishandled invalid descriptors, aka\n CID-a246b4d54770 (bnc#1168952).\n\n - CVE-2019-20934: An issue was discovered in the Linux\n kernel On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c (bnc#1179663).\n\n - CVE-2020-27786: A flaw was found in the Linux kernels\n implementation of MIDI, where an attacker with a local\n account and the permissions to issue an ioctl commands\n to midi devices, could trigger a use-after-free. A write\n to this specific memory while freed and before use could\n cause the flow of execution to change and possibly allow\n for memory corruption or privilege escalation\n (bnc#1179601).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1)\n processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\nThe following non-security bugs were fixed :\n\n - ACPI: PNP: compare the string length in the\n matching_id() (git-fixes).\n\n - ACPICA: Disassembler: create buffer fields in\n ACPI_PARSE_LOAD_PASS1 (git-fixes).\n\n - ACPICA: Do not increment operation_region reference\n counts for field units (git-fixes).\n\n - ALSA: ca0106: fix error code handling (git-fixes).\n\n - ALSA: ctl: allow TLV read operation for callback type of\n element in locked case (git-fixes).\n\n - ALSA: hda - Fix silent audio output and corrupted input\n on MSI X570-A PRO (git-fixes).\n\n - ALSA: hda/ca0132 - Change Input Source enum strings\n (git-fixes).\n\n - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg\n (git-fixes).\n\n - ALSA: hda/generic: Add option to enforce preferred_dacs\n pairs (git-fixes).\n\n - ALSA: hda/hdmi: always check pin power status in i915\n pin fixup (git-fixes).\n\n - ALSA: hda/realtek - Add new codec supported for ALC897\n (git-fixes).\n\n - ALSA: hda/realtek - Couldn't detect Mic if booting with\n headset plugged (git-fixes).\n\n - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK\n with ALC255 (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED quirk to yet another HP\n x360 model (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the\n ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda/realtek: Enable front panel headset LED on\n Lenovo ThinkStation P520 (git-fixes).\n\n - ALSA: hda/realtek: Enable headset of ASUS UX482EG &\n B9400CEA with ALC294 (git-fixes).\n\n - ALSA: hda/via: Fix runtime PM for Clevo W35xSS\n (git-fixes).\n\n - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to\n patch table (git-fixes).\n\n - ALSA: hda: Fix potential race in unsol event handler\n (git-fixes).\n\n - ALSA: hda: Fix regressions on clear and reconfig sysfs\n (git-fixes).\n\n - ALSA: info: Drop WARN_ON() from buffer NULL sanity check\n (git-fixes).\n\n - ALSA: isa/wavefront: prevent out of bounds write in\n ioctl (git-fixes).\n\n - ALSA: line6: Perform sanity check for each URB creation\n (git-fixes).\n\n - ALSA: pcm: Clear the full allocated memory at hw_params\n (git-fixes).\n\n - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).\n\n - ALSA: pcm: oss: Fix potential out-of-bounds shift\n (git-fixes).\n\n - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw\n sanity check (git-fixes).\n\n - ALSA: timer: Limit max amount of slave instances\n (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for H570e USB headsets\n (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB\n devices (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom\n UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add registration quirk for Kingston\n HyperX Cloud Alpha S (git-fixes).\n\n - ALSA: usb-audio: Add registration quirk for Kingston\n HyperX Cloud Flight S (git-fixes).\n\n - ALSA: usb-audio: Disable sample read check if firmware\n does not give back (git-fixes).\n\n - ALSA: usb-audio: Fix OOB access of mixer element list\n (git-fixes).\n\n - ALSA: usb-audio: Fix control 'access overflow' errors\n from chmap (git-fixes).\n\n - ALSA: usb-audio: Fix potential out-of-bounds shift\n (git-fixes).\n\n - ALSA: usb-audio: Fix race against the error recovery URB\n submission (git-fixes).\n\n - ALSA: usb-audio: US16x08: fix value count for level\n meters (git-fixes).\n\n - ALSA: usb-audio: add quirk for Denon DCD-1500RE\n (git-fixes).\n\n - ALSA: usb-audio: add quirk for Samsung USBC Headset\n (AKG) (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for\n Khadas devices (git-fixes).\n\n - ASoC: arizona: Fix a wrong free in wm8997_probe\n (git-fixes).\n\n - ASoC: cx2072x: Fix doubly definitions of Playback and\n Capture streams (git-fixes).\n\n - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA\n channel failed (git-fixes).\n\n - ASoC: jz4740-i2s: add missed checks for clk_get()\n (git-fixes).\n\n - ASoC: pcm3168a: The codec does not support S32_LE\n (git-fixes).\n\n - ASoC: pcm: DRAIN support reactivation (git-fixes).\n\n - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile\n (git-fixes).\n\n - ASoC: sti: fix possible sleep-in-atomic (git-fixes).\n\n - ASoC: wm8904: fix regcache handling (git-fixes).\n\n - ASoC: wm8998: Fix PM disable depth imbalance on error\n (git-fixes).\n\n - ASoC: wm_adsp: Do not generate kcontrols without READ\n flags (git-fixes).\n\n - ASoC: wm_adsp: remove 'ctl' from list on error in\n wm_adsp_create_control() (git-fixes).\n\n - Avoid a GCC warning about '/*' within a comment.\n\n - Bluetooth: Fix advertising duplicated flags (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n hci_event_packet() (git-fixes).\n\n - Bluetooth: Fix slab-out-of-bounds read in\n hci_le_direct_adv_report_evt() (git-fixes).\n\n - Bluetooth: add a mutex lock to avoid UAF in do_enale_set\n (git-fixes).\n\n - Bluetooth: btusb: Fix detection of some fake CSR\n controllers with a bcdDevice val of 0x0134 (git-fixes).\n\n - Drop a backported uvcvideo patch that caused a\n regression (bsc#1180117) Also blacklisting the commit\n\n - EDAC/amd64: Fix PCI component registration\n (bsc#1112178).\n\n - HID: Add another Primax PIXART OEM mouse quirk\n (git-fixes).\n\n - HID: Fix slab-out-of-bounds read in hid_field_extract\n (bsc#1180052).\n\n - HID: Improve Windows Precision Touchpad detection\n (git-fixes).\n\n - HID: apple: Disable Fn-key key-re-mapping on clone\n keyboards (git-fixes).\n\n - HID: core: Correctly handle ReportSize being zero\n (git-fixes).\n\n - HID: core: check whether Usage Page item is after Usage\n ID items (git-fixes).\n\n - HID: cypress: Support Varmilo Keyboards' media hotkeys\n (git-fixes).\n\n - HID: hid-sensor-hub: Fix issue with devices with no\n report ID (git-fixes).\n\n - HID: intel-ish-hid: fix wrong error handling in\n ishtp_cl_alloc_tx_ring() (git-fixes).\n\n - HID: logitech-hidpp: Silence intermittent\n get_battery_capacity errors (git-fixes).\n\n - HSI: omap_ssi: Do not jump to free ID in\n ssi_add_controller() (git-fixes).\n\n - Input: ads7846 - fix integer overflow on Rt calculation\n (git-fixes).\n\n - Input: ads7846 - fix race that causes missing releases\n (git-fixes).\n\n - Input: ads7846 - fix unaligned access on 7845\n (git-fixes).\n\n - Input: atmel_mxt_ts - disable IRQ across suspend\n (git-fixes).\n\n - Input: cm109 - do not stomp on control URB (git-fixes).\n\n - Input: cros_ec_keyb - send 'scancodes' in addition to\n key events (git-fixes).\n\n - Input: cyapa_gen6 - fix out-of-bounds stack access\n (git-fixes).\n\n - Input: goodix - add upside-down quirk for Teclast X98\n Pro tablet (git-fixes).\n\n - Input: i8042 - add Acer laptops to the i8042 reset list\n (git-fixes).\n\n - Input: i8042 - add ByteSpeed touchpad to noloop table\n (git-fixes).\n\n - Input: i8042 - add Entroware Proteus EL07R4 to nomux and\n reset lists (git-fixes).\n\n - Input: i8042 - allow insmod to succeed on devices\n without an i8042 controller (git-fixes).\n\n - Input: i8042 - fix error return code in\n i8042_setup_aux() (git-fixes).\n\n - Input: omap4-keypad - fix runtime PM error handling\n (git-fixes).\n\n - Input: synaptics - enable InterTouch for ThinkPad X1E\n 1st gen (git-fixes).\n\n - Input: trackpoint - add new trackpoint variant IDs\n (git-fixes).\n\n - Input: trackpoint - enable Synaptics trackpoints\n (git-fixes).\n\n - Input: xpad - support Ardwiino Controllers (git-fixes).\n\n - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL\n cpuid bits (bsc#1112178).\n\n - NFC: st95hf: Fix memleak in st95hf_in_send_cmd\n (git-fixes).\n\n - NFS: fix nfs_path in case of a rename retry (git-fixes).\n\n - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).\n\n - NFSv4.2: fix client's attribute cache management for\n copy_file_range (git-fixes).\n\n - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2\n EXCHANGE_ID flag (git-fixes).\n\n - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X\n Bridges (git-fixes).\n\n - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085\n PCIe-to-PCI bridge (git-fixes).\n\n - PCI: Do not disable decoding when mmio_always_on is set\n (git-fixes).\n\n - PCI: Fix pci_slot_release() NULL pointer dereference\n (git-fixes).\n\n - PM / hibernate: memory_bm_find_bit(): Tighten node\n optimisation (git-fixes).\n\n - PM: ACPI: Output correct message on target power state\n (git-fixes).\n\n - PM: hibernate: Freeze kernel threads in\n software_resume() (git-fixes).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in\n software_resume() (git-fixes).\n\n - Revert 'ACPI / resources: Use AE_CTRL_TERMINATE to\n terminate resources walks' (git-fixes).\n\n - Revert 'ALSA: hda - Fix silent audio output and\n corrupted input on MSI X570-A PRO' (git-fixes).\n\n - Revert 'PM / devfreq: Modify the device name as\n devfreq(X) for sysfs' (git-fixes).\n\n - Revert 'device property: Keep secondary firmware node\n secondary by type' (git-fixes).\n\n - Revert 'platform/x86: wmi: Destroy on cleanup rather\n than unregister' (git-fixes).\n\n - Revert 'powerpc/pseries/hotplug-cpu: Remove double free\n in error path' (bsc#1065729).\n\n - Revert 'serial: amba-pl011: Make sure we initialize the\n port.lock spinlock' (git-fixes).\n\n - SMB3: Honor 'handletimeout' flag for multiuser mounts\n (bsc#1176558).\n\n - SMB3: Honor 'posix' flag for multiuser mounts\n (bsc#1176559).\n\n - SMB3: Honor lease disabling for multiuser mounts\n (git-fixes).\n\n - SUNRPC: Properly set the @subbuf parameter of\n xdr_buf_subsegment() (git-fixes).\n\n - SUNRPC: The RDMA back channel mustn't disappear while\n requests are outstanding (git-fixes).\n\n - USB: Fix: Do not skip endpoint descriptors with\n maxpacket=0 (git-fixes).\n\n - USB: Skip endpoints with 0 maxpacket length (git-fixes).\n\n - USB: UAS: introduce a quirk to set no_write_same\n (git-fixes).\n\n - USB: add RESET_RESUME quirk for Snapscan 1212\n (git-fixes).\n\n - USB: dummy-hcd: Fix uninitialized array use in init()\n (git-fixes).\n\n - USB: gadget: f_acm: add support for SuperSpeed Plus\n (git-fixes).\n\n - USB: gadget: f_midi: setup SuperSpeed Plus descriptors\n (git-fixes).\n\n - USB: gadget: f_rndis: fix bitrate for SuperSpeed and\n above (git-fixes).\n\n - USB: gadget: legacy: fix return error code in\n acm_ms_bind() (git-fixes).\n\n - USB: ldusb: use unsigned size format specifiers\n (git-fixes).\n\n - USB: serial: ch341: add new Product ID for CH341A\n (git-fixes).\n\n - USB: serial: ch341: sort device-id entries (git-fixes).\n\n - USB: serial: digi_acceleport: clean up modem-control\n handling (git-fixes).\n\n - USB: serial: digi_acceleport: clean up set_termios\n (git-fixes).\n\n - USB: serial: digi_acceleport: fix write-wakeup deadlocks\n (git-fixes).\n\n - USB: serial: digi_acceleport: remove in_interrupt()\n usage.\n\n - USB: serial: digi_acceleport: remove redundant\n assignment to pointer priv (git-fixes).\n\n - USB: serial: digi_acceleport: rename tty flag variable\n (git-fixes).\n\n - USB: serial: digi_acceleport: use irqsave() in USB's\n complete callback (git-fixes).\n\n - USB: serial: iuu_phoenix: fix DMA from stack\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix dropped unthrottle\n interrupts (git-fixes).\n\n - USB: serial: keyspan_pda: fix stalled writes\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix tx-unthrottle\n use-after-free (git-fixes).\n\n - USB: serial: keyspan_pda: fix write deadlock\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix write unthrottling\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix write-wakeup\n use-after-free (git-fixes).\n\n - USB: serial: kl5kusb105: fix memleak on open\n (git-fixes).\n\n - USB: serial: mos7720: fix parallel-port state restore\n (git-fixes).\n\n - USB: serial: option: add Fibocom NL668 variants\n (git-fixes).\n\n - USB: serial: option: add interface-number sanity check\n to flag handling (git-fixes).\n\n - USB: serial: option: add support for Thales Cinterion\n EXS82 (git-fixes).\n\n - USB: serial: option: fix Quectel BG96 matching\n (git-fixes).\n\n - USB: xhci: fix U1/U2 handling for hardware with\n XHCI_INTEL_HOST quirk set (git-fixes).\n\n - USB: yurex: fix control-URB timeout handling\n (git-fixes).\n\n - ata/libata: Fix usage of page address by page_address in\n ata_scsi_mode_select_xlat function (git-fixes).\n\n - ath10k: Fix an error handling path (git-fixes).\n\n - ath10k: Release some resources in an error handling path\n (git-fixes).\n\n - ath10k: Remove msdu from idr when management pkt send\n fails (git-fixes).\n\n - ath10k: fix backtrace on coredump (git-fixes).\n\n - ath10k: fix get invalid tx rate for Mesh metric\n (git-fixes).\n\n - ath10k: fix offchannel tx failure when no\n ath10k_mac_tx_frm_has_freq (git-fixes).\n\n - ath6kl: fix enum-conversion warning (git-fixes).\n\n - ath9k_htc: Discard undersized packets (git-fixes).\n\n - ath9k_htc: Modify byte order for an error message\n (git-fixes).\n\n - ath9k_htc: Silence undersized packet warnings\n (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: lp855x: Ensure regulators are disabled on\n probe failure (git-fixes).\n\n - btmrvl: Fix firmware filename for sd8997 chipset\n (bsc#1172694).\n\n - btrfs: fix use-after-free on readahead extent after\n failure to create it (bsc#1179963).\n\n - btrfs: qgroup: do not commit transaction when we already\n hold the handle (bsc#1178634).\n\n - btrfs: qgroup: do not try to wait flushing if we're\n already holding a transaction (bsc#1179575).\n\n - btrfs: remove a BUG_ON() from merge_reloc_roots()\n (bsc#1174784).\n\n - bus: fsl-mc: fix error return code in\n fsl_mc_object_allocate() (git-fixes).\n\n - can: mcp251x: add error check when wq alloc failed\n (git-fixes).\n\n - can: softing: softing_netdev_open(): fix error handling\n (git-fixes).\n\n - cfg80211: initialize rekey_data (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument\n (git-fixes).\n\n - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).\n\n - cifs: allow syscalls to be restarted in\n __smb_send_rqst() (bsc#1176956).\n\n - cifs: fix check of tcon dfs in smb1 (bsc#1178270).\n\n - cifs: fix potential use-after-free in\n cifs_echo_request() (bsc#1139944).\n\n - cirrus: cs89x0: remove set but not used variable 'lp'\n (git-fixes).\n\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to\n simplify code (git-fixes).\n\n - clk: at91: usb: continue if clk_hw_round_rate() return\n zero (git-fixes).\n\n - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9\n (git-fixes).\n\n - clk: qcom: Allow constant ratio freq tables for rcg\n (git-fixes).\n\n - clk: qcom: msm8916: Fix the address location of\n pll->config_reg (git-fixes).\n\n - clk: s2mps11: Fix a resource leak in error handling\n paths in the probe function (git-fixes).\n\n - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to\n sclk_i2s1 (git-fixes).\n\n - clk: sunxi-ng: Make sure divider tables have sentinel\n (git-fixes).\n\n - clk: tegra: Fix Tegra PMC clock out parents (git-fixes).\n\n - clk: tegra: Fix duplicated SE clock entry (git-fixes).\n\n - clk: ti: Fix memleak in ti_fapll_synth_setup\n (git-fixes).\n\n - clk: ti: composite: fix memory leak (git-fixes).\n\n - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call\n (git-fixes).\n\n - clocksource/drivers/asm9260: Add a check for of_clk_get\n (git-fixes).\n\n - coredump: fix core_pattern parse error (git-fixes).\n\n - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE\n (git-fixes).\n\n - cpufreq: loongson1: Add missing MODULE_ALIAS\n (git-fixes).\n\n - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: st: Add missing MODULE_DEVICE_TABLE\n (git-fixes).\n\n - crypto: af_alg - avoid undefined behavior accessing\n salg_name (git-fixes).\n\n - crypto: omap-aes - Fix PM disable depth imbalance in\n omap_aes_probe (git-fixes).\n\n - crypto: qat - fix status check in\n qat_hal_put_rel_rd_xfer() (git-fixes).\n\n - crypto: talitos - Fix return type of current_desc_hdr()\n (git-fixes).\n\n - cw1200: fix missing destroy_workqueue() on error in\n cw1200_init_common (git-fixes).\n\n - dmaengine: xilinx_dma: check dma_async_device_register\n return value (git-fixes).\n\n - dmaengine: xilinx_dma: fix mixed_enum_type coverity\n warning (git-fixes).\n\n - docs: Fix reST markup when linking to sections\n (git-fixes).\n\n - drivers: base: Fix NULL pointer exception in\n __platform_driver_probe() if a driver developer is\n foolish (git-fixes).\n\n - drivers: soc: ti: knav_qmss_queue: Fix error return code\n in knav_queue_probe (git-fixes).\n\n - drm/amd/display: remove useless if/else (git-fixes).\n\n - drm/amdgpu: fix build_coefficients() argument\n (git-fixes).\n\n - drm/dp_aux_dev: check aux_dev before use in\n drm_dp_aux_dev_get_by_minor() (git-fixes).\n\n - drm/gma500: Fix out-of-bounds access to struct\n drm_device.vblank[] (bsc#1129770)\n\n - drm/gma500: fix double free of gma_connector\n (git-fixes).\n\n - drm/meson: dw-hdmi: Register a callback to disable the\n regulator (git-fixes).\n\n - drm/msm/dpu: Add newline to printks (git-fixes).\n\n - drm/msm/dsi_phy_10nm: implement PHY disabling\n (git-fixes).\n\n - drm/omap: dmm_tiler: fix return error code in\n omap_dmm_probe() (git-fixes).\n\n - drm/rockchip: Avoid uninitialized use of endpoint id in\n LVDS (git-fixes).\n\n - epoll: Keep a reference on files added to the check list\n (bsc#1180031).\n\n - ethernet: ucc_geth: fix use-after-free in\n ucc_geth_remove() (git-fixes).\n\n - ext4: correctly report 'not supported' for\n (usr,grp)jquota when !CONFIG_QUOTA (bsc#1179672).\n\n - ext4: fix bogus warning in ext4_update_dx_flag()\n (bsc#1179716).\n\n - ext4: fix error handling code in add_new_gdb\n (bsc#1179722).\n\n - ext4: fix invalid inode checksum (bsc#1179723).\n\n - ext4: fix leaking sysfs kobject after failed mount\n (bsc#1179670).\n\n - ext4: limit entries returned when counting fsmap records\n (bsc#1179671).\n\n - ext4: unlock xattr_sem properly in\n ext4_inline_data_truncate() (bsc#1179673).\n\n - extcon: max77693: Fix modalias string (git-fixes).\n\n - fbcon: Fix user font detection test at fbcon_resize().\n (bsc#1112178)\n\n - fbcon: Remove the superfluous break (bsc#1129770)\n\n - firmware: qcom: scm: Ensure 'a0' status code is treated\n as signed (git-fixes).\n\n - fix regression in 'epoll: Keep a reference on files\n added to the check list' (bsc#1180031, git-fixes).\n\n - forcedeth: use per cpu to collect xmit/recv statistics\n (git-fixes).\n\n - fs: Do not invalidate page buffers in\n block_write_full_page() (bsc#1179711).\n\n - geneve: change from tx_error to tx_dropped on missing\n metadata (git-fixes).\n\n - genirq/irqdomain: Add an irq_create_mapping_affinity()\n function (bsc#1065729).\n\n - gpio: arizona: handle pm_runtime_get_sync failure case\n (git-fixes).\n\n - gpio: gpio-grgpio: fix possible sleep-in-atomic-context\n bugs in grgpio_irq_map/unmap() (git-fixes).\n\n - gpio: max77620: Add missing dependency on\n GPIOLIB_IRQCHIP (git-fixes).\n\n - gpio: max77620: Fixup debounce delays (git-fixes).\n\n - gpio: max77620: Use correct unit for debounce times\n (git-fixes).\n\n - gpio: mpc8xxx: Add platform device to gpiochip->parent\n (git-fixes).\n\n - gpio: mvebu: fix potential user-after-free on probe\n (git-fixes).\n\n - gpiolib: acpi: Add honor_wakeup module-option + quirk\n mechanism (git-fixes).\n\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2\n 10 BYT + AXP288 model (git-fixes).\n\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2\n 10 CHT + AXP288 model (git-fixes).\n\n - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup\n quirk (git-fixes).\n\n - gpiolib: acpi: Rework honor_wakeup option into an\n ignore_wake option (git-fixes).\n\n - gpiolib: acpi: Turn dmi_system_id table into a generic\n quirk table (git-fixes).\n\n - gpiolib: fix up emulated open drain outputs (git-fixes).\n\n - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow\n (git-fixes).\n\n - hwmon: (jc42) Fix name to have no illegal characters\n (git-fixes).\n\n - i2c: algo: pca: Reapply i2c bus settings after reset\n (git-fixes).\n\n - i2c: i801: Fix resume bug (git-fixes).\n\n - i2c: piix4: Detect secondary SMBus controller on AMD AM4\n chipsets (git-fixes).\n\n - i2c: pxa: clear all master action bits in\n i2c_pxa_stop_message() (git-fixes).\n\n - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output\n (git-fixes).\n\n - i2c: qup: Fix error return code in\n qup_i2c_bam_schedule_desc() (git-fixes).\n\n - ibmvnic: add some debugs (bsc#1179896 ltc#190255).\n\n - ibmvnic: avoid memset null scrq msgs (bsc#1044767\n ltc#155231 git-fixes).\n\n - ibmvnic: continue fatal error reset after passive init\n (bsc#1171078 ltc#184239 git-fixes).\n\n - ibmvnic: delay next reset if hard reset fails\n (bsc#1094840 ltc#167098 git-fixes).\n\n - ibmvnic: enhance resetting status check during module\n exit (bsc#1065729).\n\n - ibmvnic: fix NULL pointer dereference in\n reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).\n\n - ibmvnic: fix call_netdevice_notifiers in do_reset\n (bsc#1115431 ltc#171853 git-fixes).\n\n - ibmvnic: fix: NULL pointer dereference (bsc#1044767\n ltc#155231 git-fixes).\n\n - ibmvnic: notify peers when failover and migration happen\n (bsc#1044120 ltc#155423 git-fixes).\n\n - ibmvnic: restore adapter state on failed reset\n (bsc#1152457 ltc#174432 git-fixes).\n\n - iio: adc: max1027: Reset the device at probe time\n (git-fixes).\n\n - iio: adc: rockchip_saradc: fix missing\n clk_disable_unprepare() on error in\n rockchip_saradc_resume (git-fixes).\n\n - iio: bmp280: fix compensation of humidity (git-fixes).\n\n - iio: buffer: Fix demux update (git-fixes).\n\n - iio: dac: ad5592r: fix unbalanced mutex unlocks in\n ad5592r_read_raw() (git-fixes).\n\n - iio: fix center temperature of bmc150-accel-core\n (git-fixes).\n\n - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel\n reporting (git-fixes).\n\n - iio: light: bh1750: Resolve compiler warning and make\n code more readable (git-fixes).\n\n - iio: srf04: fix wrong limitation in distance measuring\n (git-fixes).\n\n - iio:imu:bmi160: Fix too large a buffer (git-fixes).\n\n - iio:pressure:mpl3115: Force alignment of buffer\n (git-fixes).\n\n - inet_ecn: Fix endianness of checksum update when setting\n ECT(1) (git-fixes).\n\n - ipw2x00: Fix -Wcast-function-type (git-fixes).\n\n - irqchip/alpine-msi: Fix freeing of interrupts on\n allocation error path (git-fixes).\n\n - iwlwifi: mvm: fix kernel panic in case of assert during\n CSA (git-fixes).\n\n - iwlwifi: mvm: fix unaligned read of rx_pkt_status\n (git-fixes).\n\n - iwlwifi: pcie: limit memory read spin time (git-fixes).\n\n - kABI fix for g2d (git-fixes).\n\n - kABI workaround for HD-audio generic parser (git-fixes).\n\n - kABI workaround for dsa/b53 changes (git-fixes).\n\n - kABI workaround for net/ipvlan changes (git-fixes).\n\n - kABI: ath10k: move a new structure member to the end\n (git-fixes).\n\n - kABI: genirq: add back irq_create_mapping (bsc#1065729).\n\n - kernel-source.spec: Fix build with rpm 4.16\n (boo#1179015).\n\n - kernel-(binary,source).spec.in: do not create loop\n symlinks (bsc#1179082)\n\n - kgdb: Fix spurious true from in_dbg_master()\n (git-fixes).\n\n - mac80211: Check port authorization in the\n ieee80211_tx_dequeue() case (git-fixes).\n\n - mac80211: allow rx of mesh eapol frames with default rx\n key (git-fixes).\n\n - mac80211: do not set set TDLS STA bandwidth wider than\n possible (git-fixes).\n\n - mac80211: fix authentication with iwlwifi/mvm\n (git-fixes).\n\n - mac80211: fix use of skb payload instead of header\n (git-fixes).\n\n - mac80211: mesh: fix mesh_pathtbl_init() error path\n (git-fixes).\n\n - matroxfb: avoid -Warray-bounds warning (git-fixes).\n\n - md-cluster: fix rmmod issue when md_cluster convert\n bitmap to none (bsc#1163727).\n\n - md-cluster: fix safemode_delay value when converting to\n clustered bitmap (bsc#1163727).\n\n - md-cluster: fix wild pointer of unlock_all_bitmaps()\n (bsc#1163727).\n\n - md/bitmap: fix memory leak of temporary bitmap\n (bsc#1163727).\n\n - md/bitmap: md_bitmap_get_counter returns wrong blocks\n (bsc#1163727).\n\n - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks\n (bsc#1163727).\n\n - md/cluster: block reshape with remote resync job\n (bsc#1163727).\n\n - md/cluster: fix deadlock when node is doing resync job\n (bsc#1163727).\n\n - md/raid5: fix oops during stripe resizing (git-fixes).\n\n - media: am437x-vpfe: Setting STD to current value is not\n an error (git-fixes).\n\n - media: cec-funcs.h: add status_req checks (git-fixes).\n\n - media: cx88: Fix some error handling path in\n 'cx8800_initdev()' (git-fixes).\n\n - media: gp8psk: initialize stats at power control logic\n (git-fixes).\n\n - media: gspca: Fix memory leak in probe (git-fixes).\n\n - media: i2c: mt9v032: fix enum mbus codes and frame sizes\n (git-fixes).\n\n - media: i2c: ov2659: Fix missing 720p register config\n (git-fixes).\n\n - media: i2c: ov2659: fix s_stream return value\n (git-fixes).\n\n - media: msi2500: assign SPI bus number dynamically\n (git-fixes).\n\n - media: mtk-mdp: Fix a refcounting bug on error in init\n (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in\n mtk_vcodec_release_dec_pm() (git-fixes).\n\n - media: platform: add missing put_device() call in\n mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).\n\n - media: pvrusb2: Fix oops on tear-down when radio support\n is not present (git-fixes).\n\n - media: s5p-g2d: Fix a memory leak in an error handling\n path in 'g2d_probe()' (git-fixes).\n\n - media: saa7146: fix array overflow in vidioc_s_audio()\n (git-fixes).\n\n - media: si470x-i2c: add missed operations in remove\n (git-fixes).\n\n - media: siano: fix memory leak of debugfs members in\n smsdvb_hotplug (git-fixes).\n\n - media: solo6x10: fix missing snd_card_free in error\n handling case (git-fixes).\n\n - media: sti: bdisp: fix a possible\n sleep-in-atomic-context bug in bdisp_device_run()\n (git-fixes).\n\n - media: sunxi-cir: ensure IR is handled when it is\n continuous (git-fixes).\n\n - media: ti-vpe: vpe: Make sure YUYV is set as default\n format (git-fixes).\n\n - media: ti-vpe: vpe: ensure buffers are cleaned up\n properly in abort cases (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about\n frame sequence number (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about\n invalid sizeimage (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure\n causing a kernel panic (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance warning about\n invalid pixel format (git-fixes).\n\n - media: uvcvideo: Set media controller entity functions\n (git-fixes).\n\n - media: uvcvideo: Silence shift-out-of-bounds warning\n (git-fixes).\n\n - media: v4l2-async: Fix trivial documentation typo\n (git-fixes).\n\n - media: v4l2-core: fix touch support in v4l_g_fmt\n (git-fixes).\n\n - media: v4l2-device.h: Explicitly compare grp(id,mask) to\n zero in v4l2_device macros (git-fixes).\n\n - mei: bus: do not clean driver pointer (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference\n (git-fixes).\n\n - memstick: fix a double-free bug in memstick_check\n (git-fixes).\n\n - memstick: r592: Fix error return in r592_probe()\n (git-fixes).\n\n - mfd: rt5033: Fix errorneous defines (git-fixes).\n\n - mfd: wm8994: Fix driver operation if loaded as modules\n (git-fixes).\n\n - misc: vmw_vmci: fix kernel info-leak by initializing\n dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes).\n\n - mm,memory_failure: always pin the page in\n madvise_inject_error (bsc#1180258).\n\n - mm/userfaultfd: do not access vma->vm_mm after calling\n handle_userfault() (bsc#1179204).\n\n - mm: do not wake kswapd prematurely when watermark\n boosting is disabled (git fixes (mm/vmscan)).\n\n - mwifiex: fix mwifiex_shutdown_sw() causing sw reset\n failure (git-fixes).\n\n - net/smc: fix valid DMBE buffer sizes (git-fixes).\n\n - net/x25: prevent a couple of overflows (bsc#1178590).\n\n - net: aquantia: Fix aq_vec_isr_legacy() return value\n (git-fixes).\n\n - net: aquantia: fix LRO with FCS error (git-fixes).\n\n - net: bcmgenet: reapply manual settings to the PHY\n (git-fixes).\n\n - net: broadcom/bcmsysport: Fix signedness in\n bcm_sysport_probe() (git-fixes).\n\n - net: dsa: b53: Always use dev->vlan_enabled in\n b53_configure_vlan() (git-fixes).\n\n - net: dsa: b53: Ensure the default VID is untagged\n (git-fixes).\n\n - net: dsa: b53: Fix default VLAN ID (git-fixes).\n\n - net: dsa: b53: Properly account for VLAN filtering\n (git-fixes).\n\n - net: dsa: bcm_sf2: Do not assume DSA master supports WoL\n (git-fixes).\n\n - net: dsa: bcm_sf2: potential array overflow in\n bcm_sf2_sw_suspend() (git-fixes).\n\n - net: dsa: qca8k: remove leftover phy accessors\n (git-fixes).\n\n - net: ethernet: stmmac: Fix signedness bug in\n ipq806x_gmac_of_parse() (git-fixes).\n\n - net: ethernet: ti: cpsw: clear all entries when delete\n vid (git-fixes).\n\n - net: ethernet: ti: cpsw: fix runtime_pm while add/kill\n vlan (git-fixes).\n\n - net: hisilicon: Fix signedness bug in\n hix5hd2_dev_probe() (git-fixes).\n\n - net: macb: add missing barriers when reading descriptors\n (git-fixes).\n\n - net: macb: fix dropped RX frames due to a race\n (git-fixes).\n\n - net: macb: fix error format in dev_err() (git-fixes).\n\n - net: macb: fix random memory corruption on RX with\n 64-bit DMA (git-fixes). - blacklist.conf :\n\n - net: pasemi: fix an use-after-free in\n pasemi_mac_phy_init() (git-fixes).\n\n - net: phy: Avoid multiple suspends (git-fixes).\n\n - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs\n (git-fixes).\n\n - net: phy: micrel: make sure the factory test bit is\n cleared (git-fixes).\n\n - net: qca_spi: Move reset_count to struct qcaspi\n (git-fixes).\n\n - net: seeq: Fix the function used to release some memory\n in an error handling path (git-fixes).\n\n - net: sh_eth: fix a missing check of of_get_phy_mode\n (git-fixes).\n\n - net: sonic: replace dev_kfree_skb in sonic_send_packet\n (git-fixes).\n\n - net: sonic: return NETDEV_TX_OK if failed to map buffer\n (git-fixes).\n\n - net: stmmac: Fix reception of Broadcom switches tags\n (git-fixes).\n\n - net: stmmac: dwmac-meson8b: Fix signedness bug in probe\n (git-fixes).\n\n - net: stmmac: fix csr_clk can't be zero issue\n (git-fixes).\n\n - net: stmmac: fix length of PTP clock's name string\n (git-fixes).\n\n - net: stmmac: gmac4+: Not all Unicast addresses may be\n available (git-fixes).\n\n - net: usb: sr9800: fix uninitialized local variable\n (git-fixes).\n\n - net:ethernet:aquantia: Extra spinlocks removed\n (git-fixes).\n\n - nfc: s3fwrn5: Release the nfc firmware (git-fixes).\n\n - nfc: s3fwrn5: add missing release on skb in\n s3fwrn5_recv_frame (git-fixes).\n\n - ocfs2: fix unbalanced locking (bsc#1180506).\n\n - ocfs2: initialize ip_next_orphan (bsc#1179724).\n\n - orinoco: Move context allocation after processing the\n skb (git-fixes).\n\n - pNFS/flexfiles: Fix list corruption if the mirror count\n changes (git-fixes).\n\n - parport: load lowlevel driver if ports not found\n (git-fixes).\n\n - phy: Revert toggling reset changes (git-fixes).\n\n - pinctrl: amd: fix __iomem annotation in\n amd_gpio_irq_handler() (git-fixes).\n\n - pinctrl: amd: fix npins for uart0 in kerncz_groups\n (git-fixes).\n\n - pinctrl: amd: remove debounce filter setting in IRQ type\n setting (git-fixes).\n\n - pinctrl: baytrail: Avoid clearing debounce value when\n turning it off (git-fixes).\n\n - pinctrl: falcon: add missing put_device() call in\n pinctrl_falcon_probe() (git-fixes).\n\n - pinctrl: merrifield: Set default bias in case no\n particular value given (git-fixes).\n\n - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B\n (git-fixes).\n\n - platform/x86: acer-wmi: add automatic keyboard\n background light toggle key as KEY_LIGHTS_TOGGLE\n (git-fixes).\n\n - platform/x86: dell-smbios-base: Fix error return code in\n dell_smbios_init (git-fixes).\n\n - platform/x86: mlx-platform: Fix item counter assignment\n for MSN2700, MSN24xx systems (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from\n MSN274x platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from\n default platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: remove an unused variable\n (git-fixes).\n\n - power: supply: bq24190_charger: fix reference leak\n (git-fixes).\n\n - power: supply: bq27xxx_battery: Silence deferred-probe\n error (git-fixes).\n\n - powerpc/64: Set up a kernel stack for secondaries before\n cpu_restore() (bsc#1065729).\n\n - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for\n guest kernels (bsc#1179888 ltc#190253).\n\n - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction\n generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888\n ltc#190253).\n\n - powerpc/pci: Fix broken INTx configuration via OF\n (bsc#1172145 ltc#184630).\n\n - powerpc/pci: Remove LSI mappings on device teardown\n (bsc#1172145 ltc#184630).\n\n - powerpc/pci: Remove legacy debug code (bsc#1172145\n ltc#184630 git-fixes).\n\n - powerpc/pci: Use of_irq_parse_and_map_pci() helper\n (bsc#1172145 ltc#184630).\n\n - powerpc/perf: Add generic compat mode pmu driver\n (bsc#1178900 ltc#189284).\n\n - powerpc/perf: Fix crash with is_sier_available when pmu\n is not set (bsc#1179578 ltc#189313).\n\n - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB\n (bsc#1178900 ltc#189284 git-fixes).\n\n - powerpc/perf: init pmu from core-book3s (bsc#1178900\n ltc#189284).\n\n - powerpc/pseries/hibernation: remove redundant cacheinfo\n update (bsc#1138374 ltc#178199 git-fixes).\n\n - powerpc/pseries: Pass MSI affinity to\n irq_create_mapping() (bsc#1065729).\n\n - powerpc/smp: Add __init to init_big_cores() (bsc#1109695\n ltc#171067 git-fixes).\n\n - powerpc/xmon: Change printk() to pr_cont()\n (bsc#1065729).\n\n - powerpc: Convert to using %pOF instead of full_name\n (bsc#1172145 ltc#184630).\n\n - powerpc: Fix incorrect stw(, ux, u, x) instructions in\n __set_pte_at (bsc#1065729).\n\n - ppp: remove the PPPIOCDETACH ioctl (git-fixes).\n\n - pwm: lp3943: Dynamically allocate PWM chip base\n (git-fixes).\n\n - quota: clear padding in v2r1_mem2diskdqb()\n (bsc#1179714).\n\n - radeon: insert 10ms sleep in dce5_crtc_load_lut\n (git-fixes).\n\n - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).\n\n - regmap: Remove duplicate `type` field from regmap\n `regcache_sync` trace event (git-fixes).\n\n - regmap: debugfs: check count when read regmap file\n (git-fixes).\n\n - regmap: dev_get_regmap_match(): fix string comparison\n (git-fixes).\n\n - regulator: max8907: Fix the usage of uninitialized\n variable in max8907_regulator_probe() (git-fixes).\n\n - regulator: pfuze100-regulator: Variable 'val' in\n pfuze100_regulator_probe() could be uninitialized\n (git-fixes).\n\n - regulator: ti-abb: Fix timeout in\n ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).\n\n - reiserfs: Fix oops during mount (bsc#1179715).\n\n - reiserfs: Initialize inode keys properly (bsc#1179713).\n\n - remoteproc: Fix wrong rvring index computation\n (git-fixes).\n\n - rfkill: Fix incorrect check to avoid NULL pointer\n dereference (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords\n (bsc#1179014) \n\n - rpm/kernel-binary.spec.in: avoid using more barewords\n (bsc#1179014) \n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep\n (bsc#1179045) \n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe\n calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost\n symlinks (boo#1179082).\n\n - rtc: 88pm860x: fix possible race condition (git-fixes).\n\n - rtc: hym8563: enable wakeup when applicable (git-fixes).\n\n - rtl8xxxu: fix RTL8723BU connection failure issue after\n warm reboot (git-fixes).\n\n - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()\n (git-fixes).\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpuinfo: show processor physical address\n (git-fixes).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size\n (git-fixes).\n\n - s390/dasd: fix hanging device offline processing\n (bsc#1144912).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests\n (git-fixes).\n\n - s390/pci: fix CPU address in MSI for directed IRQ\n (git-fixes).\n\n - s390/qeth: fix af_iucv notification race (git-fixes).\n\n - s390/qeth: fix tear down of async TX buffers\n (git-fixes).\n\n - s390/qeth: make af_iucv TX notification call more robust\n (git-fixes).\n\n - s390/stp: add locking to sysfs functions (git-fixes).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: Remove unneeded break statements (bsc#1164780).\n\n - scsi: core: Fix VPD LUN ID designator priorities\n (bsc#1178049, git-fixes).\n\n - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).\n\n - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and\n SLI-4 handlers (bsc#1164780).\n\n - scsi: lpfc: Convert SCSI path to use common I/O\n submission path (bsc#1164780).\n\n - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4\n handlers (bsc#1164780).\n\n - scsi: lpfc: Correct null ndlp reference on routine exit\n (bsc#1164780).\n\n - scsi: lpfc: Drop nodelist reference on error in\n lpfc_gen_req() (bsc#1164780).\n\n - scsi: lpfc: Enable common send_io interface for SCSI and\n NVMe (bsc#1164780).\n\n - scsi: lpfc: Enable common wqe_template support for both\n SCSI and NVMe (bsc#1164780).\n\n - scsi: lpfc: Enlarge max_sectors in scsi host templates\n (bsc#1164780).\n\n - scsi: lpfc: Extend the RDF FPIN Registration descriptor\n for additional events (bsc#1164780).\n\n - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in\n pt2pt discovery (bsc#1164780).\n\n - scsi: lpfc: Fix NPIV Fabric Node reference counting\n (bsc#1164780).\n\n - scsi: lpfc: Fix NPIV discovery and Fabric Node detection\n (bsc#1164780).\n\n - scsi: lpfc: Fix duplicate wq_create_version check\n (bsc#1164780).\n\n - scsi: lpfc: Fix fall-through warnings for Clang\n (bsc#1164780).\n\n - scsi: lpfc: Fix invalid sleeping context in\n lpfc_sli4_nvmet_alloc() (bsc#1164780).\n\n - scsi: lpfc: Fix memory leak on lcb_context\n (bsc#1164780).\n\n - scsi: lpfc: Fix missing prototype for\n lpfc_nvmet_prep_abort_wqe() (bsc#1164780).\n\n - scsi: lpfc: Fix missing prototype warning for\n lpfc_fdmi_vendor_attr_mi() (bsc#1164780).\n\n - scsi: lpfc: Fix pointer defereference before it is null\n checked issue (bsc#1164780).\n\n - scsi: lpfc: Fix refcounting around SCSI and NVMe\n transport APIs (bsc#1164780).\n\n - scsi: lpfc: Fix removal of SCSI transport device get and\n put on dev structure (bsc#1164780).\n\n - scsi: lpfc: Fix scheduling call while in softirq context\n in lpfc_unreg_rpi (bsc#1164780).\n\n - scsi: lpfc: Fix set but not used warnings from Rework\n remote port lock handling (bsc#1164780).\n\n - scsi: lpfc: Fix set but unused variables in\n lpfc_dev_loss_tmo_handler() (bsc#1164780).\n\n - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't'\n (bsc#1164780).\n\n - scsi: lpfc: Fix variable 'vport' set but not used in\n lpfc_sli4_abts_err_handler() (bsc#1164780).\n\n - scsi: lpfc: Refactor WQE structure definitions for\n common use (bsc#1164780).\n\n - scsi: lpfc: Reject CT request for MIB commands\n (bsc#1164780).\n\n - scsi: lpfc: Remove dead code on second !ndlp check\n (bsc#1164780).\n\n - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI\n ultimately fails (bsc#1164780).\n\n - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).\n\n - scsi: lpfc: Remove unneeded variable 'status' in\n lpfc_fcp_cpu_map_store() (bsc#1164780).\n\n - scsi: lpfc: Removed unused macros in lpfc_attr.c\n (bsc#1164780).\n\n - scsi: lpfc: Rework locations of ndlp reference taking\n (bsc#1164780).\n\n - scsi: lpfc: Rework remote port lock handling\n (bsc#1164780).\n\n - scsi: lpfc: Rework remote port ref counting and node\n freeing (bsc#1164780).\n\n - scsi: lpfc: Unsolicited ELS leaves node in incorrect\n state while dropping it (bsc#1164780).\n\n - scsi: lpfc: Update changed file copyrights for 2020\n (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.4\n (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.5\n (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.6\n (bsc#1164780).\n\n - scsi: lpfc: Use generic power management (bsc#1164780).\n\n - scsi: lpfc: lpfc_attr: Demote kernel-doc format for\n redefined functions (bsc#1164780).\n\n - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc\n misdemeanours (bsc#1164780).\n\n - scsi: lpfc: lpfc_debugfs: Fix a couple of function\n documentation issues (bsc#1164780).\n\n - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc\n issues (bsc#1164780).\n\n - scsi: qla2xxx: Change post del message from debug level\n to log level (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Do not check for fw_started while posting\n NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538\n bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix FW initialization error on big endian\n machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix N2N and NVMe connect retry failure\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix compilation issue in PPC systems\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix crash during driver load on big\n endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix device loss on 4G and older HBAs\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix flash update in 28XX adapters on big\n endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix return of uninitialized value in rval\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix the call trace for flush workqueue\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Handle aborts correctly for port\n undergoing deletion (bsc#1172538 bsc#1179142\n bsc#1179810).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: If fcport is undergoing deletion complete\n I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Initialize variable in qla8044_poll_reg()\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Limit interrupt vectors to number of CPUs\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Move sess cmd list/lock to driver\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Remove in_interrupt() from\n qla82xx-specific code (bsc#1172538 bsc#1179142\n bsc#1179810).\n\n - scsi: qla2xxx: Remove in_interrupt() from\n qla83xx-specific code (bsc#1172538 bsc#1179142\n bsc#1179810).\n\n - scsi: qla2xxx: Remove trailing semicolon in macro\n definition (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Return EBUSY on fcport deletion\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Tear down session if FW say it is down\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Update version to 10.02.00.104-k\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Use constant when it is known\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: remove incorrect sparse #ifdef\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: storvsc: Fix error return in storvsc_probe()\n (git-fixes).\n\n - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt())\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - serial: 8250_omap: Avoid FIFO corruption caused by MDR1\n access (git-fixes).\n\n - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).\n\n - serial: amba-pl011: Make sure we initialize the\n port.lock spinlock (git-fixes).\n\n - serial: ar933x_uart: set UART_CS_(RX,TX)_READY_ORIDE\n (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister()\n on error in serial_txx9_init (git-fixes).\n\n - serial_core: Check for port state when tty is in error\n state (git-fixes).\n\n - soc/tegra: fuse: Fix index bug in get_process_id\n (git-fixes).\n\n - soc: imx: gpc: fix power up sequencing (git-fixes).\n\n - soc: mediatek: Check if power domains can be powered on\n at boot time (git-fixes).\n\n - soc: qcom: smp2p: Safely acquire spinlock without IRQs\n (git-fixes).\n\n - soc: ti: Fix reference imbalance in knav_dma_probe\n (git-fixes).\n\n - soc: ti: knav_qmss: fix reference leak in\n knav_queue_probe (git-fixes).\n\n - spi: Add call to spi_slave_abort() function when spidev\n driver is released (git-fixes).\n\n - spi: Fix memory leak on splited transfers (git-fixes).\n\n - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare()\n on error in bcm63xx_hsspi_resume (git-fixes).\n\n - spi: davinci: Fix use-after-free on unbind (git-fixes).\n\n - spi: dw: Enable interrupts in accordance with DMA xfer\n mode (git-fixes).\n\n - spi: dw: Fix Rx-only DMA transfers (git-fixes).\n\n - spi: dw: Return any value retrieved from the\n dma_transfer callback (git-fixes).\n\n - spi: img-spfi: fix potential double release (git-fixes).\n\n - spi: img-spfi: fix reference leak in img_spfi_resume\n (git-fixes).\n\n - spi: pic32: Do not leak DMA channels in probe error path\n (git-fixes).\n\n - spi: pxa2xx: Add missed security checks (git-fixes).\n\n - spi: spi-cavium-thunderx: Add missing\n pci_release_regions() (git-fixes).\n\n - spi: spi-loopback-test: Fix out-of-bounds read\n (git-fixes).\n\n - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning\n (git-fixes).\n\n - spi: spi-mem: fix reference leak in spi_mem_access_start\n (git-fixes).\n\n - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup\n (git-fixes).\n\n - spi: spidev: fix a potential use-after-free in\n spidev_release() (git-fixes).\n\n - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in\n probe error path (git-fixes).\n\n - spi: st-ssc4: add missed pm_runtime_disable (git-fixes).\n\n - spi: tegra114: fix reference leak in tegra spi ops\n (git-fixes).\n\n - spi: tegra20-sflash: fix reference leak in\n tegra_sflash_resume (git-fixes).\n\n - spi: tegra20-slink: add missed clk_unprepare\n (git-fixes).\n\n - spi: tegra20-slink: fix reference leak in slink ops of\n tegra20 (git-fixes).\n\n - splice: only read in as much information as there is\n pipe buffer space (bsc#1179520).\n\n - staging: comedi: check validity of wMaxPacketSize of usb\n endpoints found (git-fixes).\n\n - staging: comedi: gsc_hpdi: check dma_alloc_coherent()\n return value (git-fixes).\n\n - staging: comedi: mf6x4: Fix AI end-of-conversion\n detection (git-fixes).\n\n - staging: olpc_dcon: Do not call\n platform_device_unregister() in dcon_probe()\n (git-fixes).\n\n - staging: olpc_dcon: add a missing dependency\n (git-fixes).\n\n - staging: rtl8188eu: Add device code for TP-Link\n TL-WN727N v5.21 (git-fixes).\n\n - staging: rtl8188eu: Add device id for MERCUSYS MW150US\n v2 (git-fixes).\n\n - staging: rtl8188eu: fix possible null dereference\n (git-fixes).\n\n - staging: rtl8192u: fix multiple memory leaks on error\n path (git-fixes).\n\n - staging: vt6656: set usb_set_intfdata on driver fail\n (git-fixes).\n\n - staging: wlan-ng: fix out of bounds read in\n prism2sta_probe_usb() (git-fixes).\n\n - staging: wlan-ng: properly check endpoint types\n (git-fixes).\n\n - sunrpc: fixed rollback in rpc_gssd_dummy_populate()\n (git-fixes).\n\n - thunderbolt: Use 32-bit writes when writing ring\n producer/consumer (git-fixes).\n\n - timer: Fix wheel index calculation on last level (git\n fixes)\n\n - timer: Prevent base->clk from moving backward\n (git-fixes)\n\n - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).\n\n - tty: always relink the port (git-fixes).\n\n - tty: link tty and port before configuring it as console\n (git-fixes).\n\n - tty: synclink_gt: Adjust indentation in several\n functions (git-fixes).\n\n - tty: synclinkmp: Adjust indentation in several functions\n (git-fixes).\n\n - tty:serial:mvebu-uart:fix a wrong return (git-fixes).\n\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define\n (git-fixes).\n\n - uapi/if_ether.h: prevent redefinition of struct ethhdr\n (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: Pass\n DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: add missing put_device()\n call in usbmisc_get_init_data() (git-fixes).\n\n - usb: dwc2: Fix IN FIFO allocation (git-fixes).\n\n - usb: dwc3: remove the call trace of USBx_GFLADJ\n (git-fixes).\n\n - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access\n completion (git-fixes).\n\n - usb: ehci-omap: Fix PM disable depth umbalance in\n ehci_hcd_omap_probe (git-fixes).\n\n - usb: fsl: Check memory resource before releasing it\n (git-fixes).\n\n - usb: gadget: composite: Fix possible double free memory\n bug (git-fixes).\n\n - usb: gadget: configfs: Fix missing spin_lock_init()\n (git-fixes).\n\n - usb: gadget: configfs: Preserve function ordering after\n bind failure (git-fixes).\n\n - usb: gadget: configfs: fix concurrent issue between\n composite APIs (git-fixes).\n\n - usb: gadget: f_fs: Use local copy of descriptors for\n userspace copy (git-fixes).\n\n - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).\n\n - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ\n flags (git-fixes).\n\n - usb: gadget: fix wrong endpoint desc (git-fixes).\n\n - usb: gadget: goku_udc: fix potential crashes in probe\n (git-fixes).\n\n - usb: gadget: net2280: fix memory leak on probe error\n handling paths (git-fixes).\n\n - usb: gadget: select CONFIG_CRC32 (git-fixes).\n\n - usb: gadget: serial: fix Tx stall after buffer overflow\n (git-fixes).\n\n - usb: gadget: udc: fix possible sleep-in-atomic-context\n bugs in gr_probe() (git-fixes).\n\n - usb: gadget: udc: gr_udc: fix memleak on error handling\n path in gr_ep_init() (git-fixes).\n\n - usb: hso: Fix debug compile warning on sparc32\n (git-fixes).\n\n - usb: musb: omap2430: Get rid of musb .set_vbus for\n omap2430 glue (git-fixes).\n\n - usb: oxu210hp-hcd: Fix memory leak in oxu_create\n (git-fixes).\n\n - usb: usbfs: Suppress problematic bind and unbind uevents\n (git-fixes).\n\n - usblp: poison URBs upon disconnect (git-fixes).\n\n - usbnet: ipheth: fix connectivity with iOS 14\n (git-fixes).\n\n - video: fbdev: neofb: fix memory leak in\n neo_scan_monitor() (git-fixes).\n\n - vt: Reject zero-sized screen buffer size (git-fixes).\n\n - vt: do not hardcode the mem allocation upper bound\n (git-fixes).\n\n - wan: ds26522: select CONFIG_BITREVERSE (git-fixes).\n\n - watchdog: coh901327: add COMMON_CLK dependency\n (git-fixes).\n\n - watchdog: da9062: No need to ping manually before\n setting timeout (git-fixes).\n\n - watchdog: da9062: do not ping the hw during stop()\n (git-fixes).\n\n - watchdog: qcom: Avoid context switch in restart handler\n (git-fixes).\n\n - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM\n (git-fixes).\n\n - wil6210: select CONFIG_CRC32 (git-fixes).\n\n - wimax: fix duplicate initializer warning (git-fixes).\n\n - wireless: Use linux/stddef.h instead of stddef.h\n (git-fixes).\n\n - wireless: Use offsetof instead of custom macro\n (git-fixes).\n\n - x86/apic: Fix integer overflow on 10 bit left shift of\n cpu_khz (bsc#1112178).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock\n (bsc#1112178).\n\n - x86/insn-eval: Use new for_each_insn_prefix() macro to\n loop over prefixes bytes (bsc#1112178).\n\n - x86/mm/ident_map: Check for errors from ident_pud_init()\n (bsc#1112178).\n\n - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP\n (bsc#1112178).\n\n - x86/mm/numa: Remove uninitialized_var() usage\n (bsc#1112178).\n\n - x86/mm: Fix leak of pmd ptlock (bsc#1112178).\n\n - x86/mtrr: Correct the range check before performing MTRR\n type lookups (bsc#1112178).\n\n - x86/resctrl: Add necessary kernfs_put()
[SECURITY] Fedora 33 Update: kernel-headers-5.10.6-200.fc33
