{"nessus": [{"lastseen": "2022-06-15T16:54:38", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-68b0dd2373 advisory.\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "Fedora 33 : kernel (2021-68b0dd2373)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2021-68B0DD2373.NASL", "href": "https://www.tenable.com/plugins/nessus/148156", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-68b0dd2373\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148156);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-28951\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-68b0dd2373\");\n\n script_name(english:\"Fedora 33 : kernel (2021-68b0dd2373)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-68b0dd2373 advisory.\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause\n a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that\n SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. 
(CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-68b0dd2373\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28952\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-28951', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-68b0dd2373');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.11.9-200.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:57:19", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9503fffad9 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. 
(CVE-2020-27171)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-29T00:00:00", "type": "nessus", "title": "Fedora 32 : kernel (2021-9503fffad9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2021-9503FFFAD9.NASL", "href": "https://www.tenable.com/plugins/nessus/148205", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-9503fffad9\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148205);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2021-28951\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-9503fffad9\");\n\n script_name(english:\"Fedora 32 : kernel (2021-9503fffad9)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-9503fffad9 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. 
kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause\n a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that\n SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. 
(CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-9503fffad9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28952\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-27170', 'CVE-2020-27171', 'CVE-2021-28951', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-9503fffad9');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.11.10-100.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = 
NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-10T03:12:04", "description": "The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4984-1 advisory.\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. 
A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. 
It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. 
(CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4984-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26931", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-3483"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1028-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1031-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1032-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1033-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1035-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge"], "id": "UBUNTU_USN-4984-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150292", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4984-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150292);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-3483\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\"\n );\n script_xref(name:\"USN\", value:\"4984-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4984-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4984-1 advisory.\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. 
(CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. 
(CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4984-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3483\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1028-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1031-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1032-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1033-azure\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1035-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-3483', 'CVE-2021-28038', 'CVE-2021-28660', 'CVE-2021-28688', 'CVE-2021-28950', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972', 'CVE-2021-29647', 'CVE-2021-30002', 'CVE-2021-31916', 'CVE-2021-33033');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4984-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-55-generic', 'pkgver': '5.8.0-55.62~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-55-generic-64k', 'pkgver': '5.8.0-55.62~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-55-generic-lpae', 'pkgver': '5.8.0-55.62~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-55-lowlatency', 'pkgver': '5.8.0-55.62~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 
'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.8.0.55.62~20.04.39'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1028-kvm', 'pkgver': '5.8.0-1028.30'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1031-oracle', 'pkgver': '5.8.0-1031.32'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1032-gcp', 'pkgver': '5.8.0-1032.34'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1033-azure', 'pkgver': '5.8.0-1033.35'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1035-aws', 'pkgver': '5.8.0-1035.37'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-55-generic', 'pkgver': '5.8.0-55.62'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-55-generic-64k', 'pkgver': '5.8.0-55.62'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-55-generic-lpae', 'pkgver': '5.8.0-55.62'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-55-lowlatency', 'pkgver': '5.8.0-55.62'},\n {'osver': '20.10', 'pkgname': 'linux-image-aws', 'pkgver': '5.8.0.1035.37'},\n {'osver': '20.10', 'pkgname': 'linux-image-azure', 'pkgver': '5.8.0.1033.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-gcp', 'pkgver': '5.8.0.1032.32'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.8.0.55.60'},\n {'osver': 
'20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-gke', 'pkgver': '5.8.0.1032.32'},\n {'osver': '20.10', 'pkgname': 'linux-image-kvm', 'pkgver': '5.8.0.1028.30'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-oracle', 'pkgver': '5.8.0.1031.30'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.55.60'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.8.0.55.60'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.8.0-1028-kvm / linux-image-5.8.0-1031-oracle / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T15:01:41", "description": "The remote Ubuntu 20.04 
LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4948-1 advisory.\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. 
(CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. (CVE-2021-29649)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4948-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2021-28688", "CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29266", "CVE-2021-29646", "CVE-2021-29647", "CVE-2021-29649", "CVE-2021-29650", "CVE-2021-29657", "CVE-2021-31916", "CVE-2021-3483", "CVE-2021-3489", "CVE-2021-3490", "CVE-2021-3491"], "modified": "2021-09-03T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04b"], "id": "UBUNTU_USN-4948-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149407", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# 
extracted from Ubuntu Security Notice USN-4948-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149407);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/03\");\n\n script_cve_id(\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2021-3483\",\n \"CVE-2021-3489\",\n \"CVE-2021-3490\",\n \"CVE-2021-3491\",\n \"CVE-2021-28688\",\n \"CVE-2021-28951\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29264\",\n \"CVE-2021-29266\",\n \"CVE-2021-29646\",\n \"CVE-2021-29647\",\n \"CVE-2021-29649\",\n \"CVE-2021-29650\",\n \"CVE-2021-29657\",\n \"CVE-2021-31916\"\n );\n script_xref(name:\"USN\", value:\"4948-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4948-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4948-1 advisory.\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. 
(CVE-2021-28688)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause\n a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that\n SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6. 
(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free\n because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does\n not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a\n copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and\n kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. (CVE-2021-29649)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. 
(CVE-2021-31916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4948-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-image-5.10.0-1026-oem, linux-image-oem-20.04-edge and / or linux-image-oem-20.04b packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3491\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04b\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-25670', 'CVE-2020-25671', 'CVE-2020-25672', 'CVE-2021-3483', 'CVE-2021-3489', 'CVE-2021-3490', 'CVE-2021-3491', 'CVE-2021-28688', 'CVE-2021-28951', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972', 'CVE-2021-29264', 'CVE-2021-29266', 'CVE-2021-29646', 'CVE-2021-29647', 'CVE-2021-29649', 'CVE-2021-29650', 'CVE-2021-29657', 'CVE-2021-31916');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4948-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'linux-image-5.10.0-1026-oem', 'pkgver': '5.10.0-1026.27'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04-edge', 'pkgver': '5.10.0.1026.27'},\n {'osver': '20.04', 'pkgname': 
'linux-image-oem-20.04b', 'pkgver': '5.10.0.1026.27'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.10.0-1026-oem / linux-image-oem-20.04-edge / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-07T19:44:14", "description": "The version of kernel installed on the remote host is prior to 5.4.110-54.182. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-002 advisory.\n\n - User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 (CVE-2019-2308)\n\n - An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. 
This is a related issue to CVE-2019-2308. (CVE-2021-28375)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2308", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29650"], "modified": "2022-06-07T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-002.NASL", "href": "https://www.tenable.com/plugins/nessus/160445", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-002.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160445);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/07\");\n\n script_cve_id(\n \"CVE-2019-2308\",\n \"CVE-2021-28375\",\n 
\"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-002)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.110-54.182. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-002 advisory.\n\n - User application could potentially make RPC call to the fastrpc driver and the driver will allow the\n message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon\n Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607,\n MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD\n 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD\n 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 (CVE-2019-2308)\n\n - An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in\n drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka\n CID-20c40794eb85. This is a related issue to CVE-2019-2308. (CVE-2021-28375)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. 
(CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28375.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28660.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28688.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28964.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28971.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-29650.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/25\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2019-2308\", \"CVE-2021-28375\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29650\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-002\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.110-54.182.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 
'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = 
package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:45:39", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4979-1 advisory.\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after- free which might lead to privilege escalations. 
(CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. 
This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
(CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4979-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2021-28660", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29647", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-3428", "CVE-2021-3483"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1072-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1115-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge"], "id": "UBUNTU_USN-4979-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150155", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4979-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150155);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2021-3428\",\n \"CVE-2021-3483\",\n \"CVE-2021-28660\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29647\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\"\n );\n script_xref(name:\"USN\", value:\"4979-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4979-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4979-1 advisory.\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free\n which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-\n free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak\n and eventually hanging-up the system. (CVE-2020-25673)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. 
The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. 
(CVE-2021-29647)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4979-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3483\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1072-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1115-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-25670', 'CVE-2020-25671', 'CVE-2020-25672', 'CVE-2020-25673', 'CVE-2021-3428', 'CVE-2021-3483', 'CVE-2021-28660', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972', 'CVE-2021-29647', 'CVE-2021-31916', 'CVE-2021-33033');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4979-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1072-oracle', 'pkgver': '4.15.0-1072.80~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1100-gcp', 'pkgver': '4.15.0-1100.113~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1103-aws', 'pkgver': '4.15.0-1103.110~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1115-azure', 'pkgver': '4.15.0-1115.128~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-144-generic', 'pkgver': '4.15.0-144.148~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-144-lowlatency', 'pkgver': '4.15.0-144.148~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws-hwe', 'pkgver': '4.15.0.1103.94'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure', 'pkgver': '4.15.0.1115.106'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '4.15.0.1115.106'},\n {'osver': '16.04', 'pkgname': 'linux-image-gcp', 'pkgver': '4.15.0.1100.101'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.144.140'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.144.140'},\n {'osver': '16.04', 'pkgname': 'linux-image-gke', 
'pkgver': '4.15.0.1100.101'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.144.140'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.144.140'},\n {'osver': '16.04', 'pkgname': 'linux-image-oem', 'pkgver': '4.15.0.144.140'},\n {'osver': '16.04', 'pkgname': 'linux-image-oracle', 'pkgver': '4.15.0.1072.60'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.144.140'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.144.140'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1072-oracle', 'pkgver': '4.15.0-1072.80'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1092-kvm', 'pkgver': '4.15.0-1092.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1100-gcp', 'pkgver': '4.15.0-1100.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1103-aws', 'pkgver': '4.15.0-1103.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1103-snapdragon', 'pkgver': '4.15.0-1103.112'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1115-azure', 'pkgver': '4.15.0-1115.128'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-144-generic', 'pkgver': '4.15.0-144.148'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-144-generic-lpae', 'pkgver': '4.15.0-144.148'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-144-lowlatency', 'pkgver': '4.15.0-144.148'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-lts-18.04', 'pkgver': '4.15.0.1103.106'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-lts-18.04', 'pkgver': '4.15.0.1115.88'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-lts-18.04', 'pkgver': '4.15.0.1100.118'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.144.131'},\n 
{'osver': '18.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.15.0.1092.88'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-lts-18.04', 'pkgver': '4.15.0.1072.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon', 'pkgver': '4.15.0.1103.106'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.144.131'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.144.131'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.15.0-1072-oracle / linux-image-4.15.0-1092-kvm / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2022-06-18T14:45:11", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4982-1 advisory.\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. 
(CVE-2021-28950)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. 
The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4982-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-31916", "CVE-2021-3483"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1016-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1040-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1044-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1044-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1046-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1048-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1049-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge"], "id": "UBUNTU_USN-4982-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150233", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4982-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150233);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2021-3483\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29264\",\n \"CVE-2021-29647\",\n \"CVE-2021-31916\"\n );\n script_xref(name:\"USN\", value:\"4982-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4982-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4982-1 advisory.\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free\n which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-\n free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak\n and eventually hanging-up the system. (CVE-2020-25673)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. 
The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. 
(CVE-2021-31916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4982-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3483\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1016-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1040-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1044-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1044-gke\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1046-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1048-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1049-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security 
Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2022 Canonical, Inc. / NASL script (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-25670', 'CVE-2020-25671', 'CVE-2020-25672', 'CVE-2020-25673', 'CVE-2021-3483', 'CVE-2021-28688', 'CVE-2021-28950', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972', 'CVE-2021-29264', 'CVE-2021-29647', 'CVE-2021-31916');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4982-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1016-gkeop', 'pkgver': '5.4.0-1016.17~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1044-gcp', 'pkgver': '5.4.0-1044.47~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1044-gke', 'pkgver': '5.4.0-1044.46~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1046-oracle', 'pkgver': 
'5.4.0-1046.50~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1048-azure', 'pkgver': '5.4.0-1048.50~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1049-aws', 'pkgver': '5.4.0-1049.51~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-74-generic', 'pkgver': '5.4.0-74.83~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-74-generic-lpae', 'pkgver': '5.4.0-74.83~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-74-lowlatency', 'pkgver': '5.4.0-74.83~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1049.31'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.4.0.1049.31'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1048.27'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1048.27'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1044.31'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1044.31'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1044.46~18.04.10'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1016.17~18.04.17'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': 
'5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1046.50~18.04.28'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1046.50~18.04.28'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.74.83~18.04.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1016-gkeop', 'pkgver': '5.4.0-1016.17'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1040-kvm', 'pkgver': '5.4.0-1040.41'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1044-gcp', 'pkgver': '5.4.0-1044.47'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1044-gke', 'pkgver': '5.4.0-1044.46'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1046-oracle', 'pkgver': '5.4.0-1046.50'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1048-azure', 'pkgver': '5.4.0-1048.50'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1049-aws', 'pkgver': '5.4.0-1049.51'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-74-generic', 'pkgver': '5.4.0-74.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-74-generic-lpae', 'pkgver': '5.4.0-74.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-74-lowlatency', 'pkgver': '5.4.0-74.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1049.50'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1048.46'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1044.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 
'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.4.0.1044.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1044.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop', 'pkgver': '5.4.0.1016.19'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1016.19'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1040.38'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1046.45'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.74.77'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.74.77'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n 
}\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.4.0-1016-gkeop / linux-image-5.4.0-1040-kvm / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T15:00:13", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9223 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. 
(CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. 
(CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9223)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-3428"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2021-9223.NASL", "href": "https://www.tenable.com/plugins/nessus/149420", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9223.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149420);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2021-3428\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9223)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9223 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. 
kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9223.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.503.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if 
(rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T15:01:18", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9222 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. 
All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. 
(CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9222)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-3428"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9222.NASL", "href": "https://www.tenable.com/plugins/nessus/149421", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9222.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149421);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2021-3428\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9222)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux 
host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9222 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9222.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.503.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9222');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + 
join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.503.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.503.1.el7uek', 
'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if 
(!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-17T18:03:39", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9220 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. 
The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9220)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26931", "CVE-2021-28038", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29266", "CVE-2021-29650", "CVE-2021-3411"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9220.NASL", "href": "https://www.tenable.com/plugins/nessus/149357", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9220.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149357);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2021-3411\",\n \"CVE-2021-28038\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29266\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel 
(ELSA-2021-9220)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9220 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found\n while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vhost/vdpa.c has a use-after-free\n because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9220.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29266\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2102.201.3.el7uek', '5.4.17-2102.201.3.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9220');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2102.201.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2102.201.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2102.201.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.201.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.201.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.201.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.201.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.201.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.201.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2102.201.3.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-17T18:02:45", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9221 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. 
This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26931", "CVE-2021-28038", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29266", "CVE-2021-29650", "CVE-2021-3411"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9221.NASL", "href": "https://www.tenable.com/plugins/nessus/149356", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9221.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149356);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2021-3411\",\n \"CVE-2021-28038\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29266\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9221)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host 
has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9221 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. 
(CVE-2021-28950)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found\n while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free\n because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9221.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29266\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2102.201.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2102.201.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2102.201.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2102.201.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T16:56:12", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status 
(bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).\n\n - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to
side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).\n\n - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nThe following non-security bugs were fixed :\n\n - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).\n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).\n\n - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570
board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).\n\n - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion 
(git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n\n - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).\n\n - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch:
(bsc#1171295).\n\n - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).\n\n - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).\n\n - bus: omap_l3_noc:
mark l3 irqs as IRQF_NO_THREAD (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases (git-fixes).\n\n - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count (git-fixes).\n\n - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)\n\n - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH
overflow (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes\n\n - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: * replaced mtk_ddp_write() with writel()\n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) Backporting notes: * taken for 9b73bde39cf2 ('drm/msm:\n Fix use-after-free in msm_gem with carveout') * context changes\n\n - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes :\n\n - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context 
changes\n\n - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes\n\n - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4->hdmi * removed references to encoder->hdmi_monitor\n\n - efi: use 32-bit alignment for efi_guid_t literals (git-fixes).\n\n - epoll: check for events when removing a timed out thread from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).\n\n - gianfar: 
Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).\n\n - iavf: Fix incorrect adapter get in iavf_resume (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry 
reads are properly ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).\n\n - Input: applespi - do not wait for responses to commands indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu 
init fails in tboot system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags (bsc#1167773).\n\n - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).\n\n - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift (git-fixes).\n\n - media: mceusb: sanity check for prescaler value (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access (git-fixes).\n\n - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).\n\n - misc:
eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).\n\n - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after 
phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).\n\n - net: korina: cast KSEG0 address to pointer in kfree (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).\n\n - netsec: restore phy power state after controller reset (bsc#1183757).\n\n - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).\n\n - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up 
(git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation (bsc#1154353).\n\n - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() memory leak (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).\n\n 
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).\n\n - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).\n\n - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)\n\n - Revert 'net: bonding: fix error return code of 
bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: comment on the list To explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.\n\n - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: ignore more configs Specifically, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_* * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler specific too. This will allow us to use super configs using kernel's dummy-tools.\n\n - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).\n\n - s390/vtime: fix increased steal time accounting (bsc#1183859).\n\n -
samples, bpf: Add missing munmap in xdpsock (bsc#1155518).\n\n - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask 
bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).\n\n - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).\n\n - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes).\n\n - staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes).\n\n - staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes).\n\n - staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: das6402: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: das800: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: me4000: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes).\n\n - staging: fwserial: Fix error handling in fwserial_create (git-fixes).\n\n - staging: gdm724x: Fix DMA from stack (git-fixes).\n\n - staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes).\n\n - staging: most: sound: add sanity check for function argument (git-fixes).\n\n - staging: rtl8188eu: Add 
Edimax EW-7811UN V2 to device table (git-fixes).\n\n - staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes).\n\n - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (git-fixes).\n\n - staging: rtl8192e: Change state information from u16 to u8 (git-fixes).\n\n - staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes).\n\n - staging: rtl8192e: Fix possible buffer overflow in\n _rtl92e_wx_set_scan (git-fixes).\n\n - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() (git-fixes).\n\n - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes).\n\n - staging: rtl8712: unterminated string leads to read overflow (git-fixes).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)\n\n - USB: cdc-acm: fix double free on probe failure (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).\n\n - USBip: 
fix stub_dev to check for stream socket (git-fixes).\n\n - USBip: fix stub_dev USBip_sockfd_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).\n\n - USBip: tools: fix build error for multiple definition (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64 (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by definition (git-fixes).\n\n - USB: serial: ch341: add new Product ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister (git-fixes).\n\n - wireguard: device: do not generate 
ICMP for non-IP packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi is pending (git-fixes).\n\n - xen/events: reset affinity of 2-level event when tearing it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal (git-fixes).", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-3428", "CVE-2021-3444"], "modified": "2021-04-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", 
"p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-532.NASL", "href": "https://www.tenable.com/plugins/nessus/148438", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-532.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148438);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/14\");\n\n script_cve_id(\"CVE-2019-18814\", \"CVE-2019-19769\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27815\", \"CVE-2020-35519\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", 
\"CVE-2021-28038\", \"CVE-2021-28375\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-3428\", \"CVE-2021-3444\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)\");\n script_summary(english:\"Check for the openSUSE-2021-532 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier\n which did not properly handle mod32 destination register\n truncation when the source register was known to be 0\n leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in\n ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which\n could have allowed attackers to obtain sensitive\n information from kernel memory because of a partially\n uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store\n which could have allowed attackers to cause a denial of\n service due to race conditions during an update of the\n local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar\n Ethernet driver which could have allowed attackers to\n cause a system crash due to a calculation of negative\n fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow\n when writing a new device name to the driver from\n userspace, allowing userspace to write data to the\n kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in\n intel_pmu_drain_pebs_nhm which could have caused a\n system crash because the PEBS 
status in a PEBS record\n was mishandled (bsc#1184196).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root\n which could have allowed attackers to cause a denial of\n service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365\n (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in\n rtw_wx_set_scan (bsc#1183593).\n\n - CVE-2021-28375: Fixed an issue in\n fastrpc_internal_invoke which did not prevent user\n applications from sending kernel RPC messages\n (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver\n which was lacking necessary treatment of errors such as\n failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged\n user can send a Netlink message that is associated with\n iSCSI, and has a length up to the maximum length of a\n Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could\n craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could\n have been used to determine the address of the\n iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access in\n x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in the JFS filesystem which\n could have allowed an attacker to execute code\n (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting\n out-of-bounds speculation on pointer arithmetic, leading\n to side-channel attacks that defeat Spectre mitigations\n and obtain sensitive information from kernel memory\n (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the\n perf_trace_lock_acquire function (bsc#1159280).\n\n - CVE-2019-18814: Fixed a use-after-free when\n aa_label_parse() fails in aa_audit_rule_init()\n 
(bsc#1156256).\n\nThe following non-security bugs were fixed :\n\n -\n 0007-block-add-docs-for-gendisk-request_queue-refcount-h\n e.patch: (bsc#1171295, git fixes (block drivers)).\n\n -\n 0008-block-revert-back-to-synchronous-request_queue-remo\n v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). \n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2)\n (git-fixes).\n\n - ACPICA: Always create namespace nodes using\n acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake\n (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO\n op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in\n acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807\n (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony\n VPCEH3U1E (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits\n (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during\n S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers\n (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state\n (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10\n (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI\n Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi\n Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook\n Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with\n ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue\n for a Dell AIO (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay\n quirk 
(bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with\n succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech\n Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics\n headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in\n setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate\n differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level\n (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell\n AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in\n usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported'\n errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in\n usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for\n single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it\n (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso\n (git-fixes).\n\n - apparmor: check/put label on\n apparmor_sk_clone_security() (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable\n (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset\n (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias\n Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion\n (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table\n (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to\n soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for 
ARCHOS Cesium\n 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One\n S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar\n Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad\n A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX\n OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper\n EZpad 7 tablet (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch'\n control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from\n Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control\n (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control\n (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct\n default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock\n (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition\n (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n -\n blktrace-annotate-required-lock-on-do_blk_trace_setu.pat\n ch: (bsc#1171295).\n\n -\n blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat\n ch: (bsc#1171295).\n\n -\n blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat\n ch: (bsc#1171295).\n\n -\n block-clarify-context-for-refcount-increment-helpers.pat\n ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe()\n (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n amp_read_loc_assoc_final_data 
(git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY\n for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid\n crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686\n bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally\n (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp\n programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod\n (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without\n lock (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic\n (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily\n (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic\n tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad\n A15 tablet (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in\n btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active\n tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to\n concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root\n (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind\n of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with\n NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on\n mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD\n (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to\n c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free\n (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze()\n (git-fixes).\n\n - can: flexcan: 
enable RX FIFO after FRZ/HALT valid\n (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for\n missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter\n freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss\n warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices\n (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten\n supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if\n socket was closed before setting skb ownership\n (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls\n (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file\n (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in\n References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack\n (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases\n (git-fixes).\n\n - crypto: bcm - Rename struct device_private to\n bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires\n the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count\n (git-fixes).\n\n - Delete\n patches.suse/sched-Reenable-interrupts-in-do_sched_yield\n .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in\n qp_host_alloc_queue (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when\n get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow\n (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in\n amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489)\n Backporting notes: * context changes\n\n - drm/amd/powerplay: fix spelling 
mistake\n 'smu_state_memroy_block' -> (bsc#1152489) Backporting\n notes: * rename amd/pm to amd/powerplay * context\n changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK\n (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489)\n Backporting notes: * replaced mtk_ddp_write() with\n writel()\n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL\n register (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)\n (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp\n vs (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: fix shutdown hook in case GPU components failed\n to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: Fix WARN_ON() splat in _free_object()\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489)\n Backporting notes: * taken for 9b73bde39cf2 ('drm/msm:\n Fix use-after-free in msm_gem with carveout') * context\n changes\n\n - drm/nouveau: bail out of nouveau_channel_new if channel\n init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on\n open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472)\n Backporting notes :\n\n - drm/panfrost: Remove unused variables in\n panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/sched: Cancel and flush all outstanding jobs before\n finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/tegra: 
sor: Grab runtime PM reference across reset\n (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect\n (bsc#1152472) Backporting notes: * context changes *\n change vc4_hdmi to vc4->hdmi * removed references to\n encoder->hdmi_monitor\n\n - efi: use 32-bit alignment for efi_guid_t literals\n (git-fixes).\n\n - epoll: check for events when removing a timed out thread\n from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward\n compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all()\n functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register\n (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in\n efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID\n (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable\n CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test\n (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb\n headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver\n (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head\n for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT 
(git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo\n Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions\n (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for\n ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise\n USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init\n (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in\n ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition\n (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race\n condition (git-fixes).\n\n - iavf: Fix incorrect adapter get in iavf_resume\n (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011\n ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871\n ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871\n ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues\n variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871\n ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int'\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485\n ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly\n ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function\n (bsc#1183023 
ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq*\n functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails\n (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues\n (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect\n bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to\n LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in\n adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in\n mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of\n timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue\n (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp\n channel (git-fixes).\n\n - Input: applespi - do not wait for responses to commands\n indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some\n trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list\n (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length\n (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired\n Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in\n increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc\n (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in\n qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot\n system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr 
alignment in\n qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is\n on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in\n aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for\n subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for\n intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm\n to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags\n (bsc#1167773).\n\n - kbuild: add dummy toolchains to enable all cc-option\n etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path\n relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc\n (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for\n ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary\n files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant\n CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in\n dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from\n cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test\n in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window\n request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest\n vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter,\n tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events',\n bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if\n tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or\n RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon\n virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR\n (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID\n hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask'\n at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each\n bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct\n (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket\n (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit\n platforms (git-fixes).\n\n -\n loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat\n ch: (bsc#1171295).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error\n (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup\n failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some\n AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift\n (git-fixes).\n\n - media: mceusb: sanity check for prescaler value\n (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads\n (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in\n std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access\n (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access\n (git-fixes).\n\n - media: vicodec: add missing 
v4l2_ctrl_request_hdl_put()\n (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip\n 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel\n RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table\n (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no\n card is present (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC\n (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card\n (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling\n path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove\n module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set\n SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB\n page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that\n reside on shared mounts (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init()\n (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe\n failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871\n ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware\n (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck\n (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value\n (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and\n phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc\n misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries\n for host port (git-fixes).\n\n - net: fec: Fix 
phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops\n (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare()\n in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of\n gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement\n (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an\n HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag\n after calling ether_setup (git-fixes).\n\n - net: korina: cast KSEG0 address to pointer in kfree\n (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array\n (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices\n (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave\n device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow\n (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in\n error path of emac_clks_phase1_init (git-fixes).\n\n - netsec: restore phy power state after controller reset\n (bsc#1183757).\n\n - net: spider_net: Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set\n real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback\n (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues()\n function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on\n netif_set_real_num_rx_queues() call (git-fixes).\n\n 
- net: usb: ax88179_178a: fix missing stop entry in\n driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up\n (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation\n (bsc#1154353).\n\n - nvme: allocate the keep alive request using\n BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create\n association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails\n (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work\n (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails\n (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue\n establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer\n versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings\n (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code\n (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code\n (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs\n (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags()\n (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case\n (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file\n handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT\n Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215\n SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors\n (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be\n preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() 
memory leak\n (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix\n reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064\n (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq\n handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume\n (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for\n the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE\n capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module\n parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE\n on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device\n handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines\n (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events\n (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till\n fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with\n usage counter (bsc#1183366).\n\n - PM: runtime: Fix race getting/putting suppliers at probe\n (git-fixes).\n\n - powerpc/book3s64/radix: Remove WARN_ON in\n destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pseries/mobility: handle premature return from\n H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state\n (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after\n setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous\n clk_unprepare() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id\n (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RDMA/hns: Disable RQ inline by 
default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced\n NUMA nodes (bsc#1169709)\n\n - Revert 'net: bonding: fix error return code of\n bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store\n functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore\n Added by 3b15cdc15956 (tracing: move function tracer\n options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: comment on the list To\n explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an\n array So that we can reuse it in both seds. This also\n introduces IGNORED_CONFIGS_RE array which can be easily\n extended.\n\n - rpm/check-for-config-changes: define ignores more\n strictly * search for whole words, so make wildcards\n explicit * use ' for quoting * prepend CONFIG_\n dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: ignore more configs\n Specifially, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_*\n * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER *\n CONFIG_TOOLS_SUPPORT_* are compiler specific too. 
This\n will allow us to use super configs using kernel's\n dummy-tools.\n\n - rpm/check-for-config-changes: sort the ignores They are\n growing so to make them searchable by humans.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP\n (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread\n (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver\n unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer\n allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during\n teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers\n (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion\n (git-fixes).\n\n - s390/vtime: fix increased steal time accounting\n (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock\n (bsc#1155518).\n\n - scsi: lpfc: Change wording of invalid pci reset log\n message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to\n ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes\n (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot\n (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery\n recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed\n node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building\n target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer\n dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in\n lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to 
be transmit after REG_LOGIN\n (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after\n LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod\n hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors\n (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request\n (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry()\n error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in\n lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb\n (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in\n lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports\n (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8\n changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8\n (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg()\n (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in\n pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16\n bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is\n no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt\n failed (bsc#1155518).\n\n - selinux: fix error initialization in\n inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow()\n (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID\n error handling (git-fixes).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate()\n (bsc#1183540).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible\n (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks\n (bsc#1183750).\n\n - staging: bcm2835-audio: Replace 
unsafe strcpy() with\n strscpy() (git-fixes).\n\n - staging: comedi: addi_apci_1032: Fix endian problem for\n COS sample (git-fixes).\n\n - staging: comedi: addi_apci_1500: Fix endian problem for\n command sample (git-fixes).\n\n - staging: comedi: adv_pci1710: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: das6402: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: das800: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: dmm32at: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: me4000: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: pcl711: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: pcl818: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: fwserial: Fix error handling in fwserial_create\n (git-fixes).\n\n - staging: gdm724x: Fix DMA from stack (git-fixes).\n\n - staging: ks7010: prevent buffer overflow in\n ks_wlan_set_scan() (git-fixes).\n\n - staging: most: sound: add sanity check for function\n argument (git-fixes).\n\n - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device\n table (git-fixes).\n\n - staging: rtl8188eu: fix potential memory corruption in\n rtw_check_beacon_data() (git-fixes).\n\n - staging: rtl8188eu: prevent ->ssid overflow in\n rtw_wx_set_scan() (git-fixes).\n\n - staging: rtl8192e: Change state information from u16 to\n u8 (git-fixes).\n\n - staging: rtl8192e: Fix incorrect source in memcpy()\n (git-fixes).\n\n - staging: rtl8192e: Fix possible buffer overflow in\n _rtl92e_wx_set_scan (git-fixes).\n\n - staging: rtl8192u: fix ->ssid overflow in\n r8192_wx_set_scan() (git-fixes).\n\n - staging: rtl8712: Fix possible buffer overflow in\n r8712_sitesurvey_cmd (git-fixes).\n\n - staging: rtl8712: unterminated string leads to read\n overflow (git-fixes).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - udlfb: Fix memory leak in 
dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552\n bsc#1183598)\n\n - USB: cdc-acm: fix double free on probe failure\n (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure\n (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960\n board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection\n flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed\n interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1\n (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount\n decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state\n (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free\n (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable\n (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint\n max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix\n null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code\n (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx\n (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket\n (git-fixes).\n\n - USBip: fix stub_dev USBip_sockfd_store() races leading\n to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf\n (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket\n (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf\n (git-fixes).\n\n - USBip: tools: fix build error for multiple definition\n (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64\n (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe\n with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by\n definition (git-fixes).\n\n - USB: serial: ch341: add new Product 
ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air\n Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs\n (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler\n (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in\n edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic\n unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for\n tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected\n (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts\n (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA\n addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI\n (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871\n ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages()\n (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe\n (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest\n memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister\n (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP\n packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon\n (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams\n (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx\n (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task\n (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at\n the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi\n is pending (git-fixes).\n\n - xen/events: reset affinity of 2-level event when tearing\n it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis\n (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return 
value\n (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota\n enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to\n uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173485\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184224\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-preempt-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-vanilla-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.69.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T18:07:49", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27815)An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)There is a flaw reported in drivers/gpu/drm/ nouveau/ nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8.(CVE-2021-28972)A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)An issue was discovered in the Linux kernel before 5.11.7.\n usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.(CVE-2021-29265)A flaw was found in the Linux kernel. 
A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.(CVE-2021-3428)BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/ net/bpf_jit_comp.c and arch/x86/ net/bpf_jit_comp32.c.(CVE-2021-29154)A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.(CVE-2021-20265)In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-152409173(CVE-2020-27067)A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3483)kernel: memory leak in llcp_sock_connect()(CVE-2020-25672)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-2221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25672", "CVE-2020-27067", "CVE-2020-27815", "CVE-2020-35519", "CVE-2021-20265", "CVE-2021-20292", "CVE-2021-28964", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3483"], "modified": "2021-07-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2221.NASL", "href": "https://www.tenable.com/plugins/nessus/151767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151767);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/21\");\n\n script_cve_id(\n \"CVE-2020-25672\",\n \"CVE-2020-27067\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2021-20265\",\n \"CVE-2021-20292\",\n \"CVE-2021-28964\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29265\",\n \"CVE-2021-30002\",\n \"CVE-2021-3428\",\n \"CVE-2021-3483\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-2221)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An issue was discovered in\n the Linux kernel before 5.11.3 when a webcam device\n exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)A flaw was found in\n the JFS filesystem code. This flaw allows a local\n attacker with the ability to set extended attributes to\n panic the system, causing memory corruption or\n escalating privileges. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-27815)An out-of-bounds\n (OOB) memory access flaw was found in x25_bind in\n net/x25/af_x25.c in the Linux kernel. A bounds check\n failure allows a local attacker with a user account on\n the system to gain access to out-of-bounds memory,\n leading to a system crash or a leak of internal kernel\n information. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system\n availability.(CVE-2020-35519)There is a flaw reported\n in drivers/gpu/drm/ nouveau/ nouveau_sgdma.c in\n nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The\n issue results from the lack of validating the existence\n of an object prior to performing operations on the\n object. 
An attacker with a local account with a root\n privilege, can leverage this vulnerability to escalate\n privileges and execute code in the context of the\n kernel.(CVE-2021-20292)In\n drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux\n kernel through 5.11.8, the RPA PCI Hotplug driver has a\n user-tolerable buffer overflow when writing a new\n device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame\n directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination,\n aka CID-cc7a0bb058b8.(CVE-2021-28972)A race condition\n was discovered in get_old_root in fs/btrfs/ctree.c in\n the Linux kernel through 5.11.8. It allows attackers to\n cause a denial of service (BUG) because of a lack of\n locking on an extent buffer before a cloning operation,\n aka CID-dbcc7d57bffc.(CVE-2021-28964)An issue was\n discovered in the Linux kernel before 5.11.7.\n usbip_sockfd_store in drivers/usb/usbip/stub_dev.c\n allows attackers to cause a denial of service (GPF)\n because the stub-up sequence has race conditions during\n an update of the local and shared status, aka\n CID-9380afd6df70.(CVE-2021-29265)A flaw was found in\n the Linux kernel. A denial of service problem is\n identified if an extent tree is corrupted in a crafted\n ext4 filesystem in fs/ext4/extents.c in\n ext4_es_cache_extent. Fabricating an integer overflow,\n A local attacker with a special user privilege may\n cause a system crash problem which can lead to an\n availability threat.(CVE-2021-3428)BPF JIT compilers in\n the Linux kernel through 5.11.12 have incorrect\n computation of branch displacements, allowing them to\n execute arbitrary code within the kernel context. This\n affects arch/x86/ net/bpf_jit_comp.c and arch/x86/\n net/bpf_jit_comp32.c.(CVE-2021-29154)A flaw was found\n in the way memory resources were freed in the\n unix_stream_recvmsg function in the Linux kernel when a\n signal was pending. 
This flaw allows an unprivileged\n local user to crash the system by exhausting available\n memory. The highest threat from this vulnerability is\n to system availability.(CVE-2021-20265)In the l2tp\n subsystem, there is a possible use after free due to a\n race condition. This could lead to local escalation of\n privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-152409173(CVE-2020-27067)A flaw was found in the Nosy\n driver in the Linux kernel. This issue allows a device\n to be inserted twice into a doubly-linked list, leading\n to a use-after-free when one of these devices is\n removed. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system\n availability.(CVE-2021-3483)kernel: memory leak in\n llcp_sock_connect()(CVE-2020-25672)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2221\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?58d1e260\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h576.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h576.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h576.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h576.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h576.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h576.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h576.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if 
(rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:41:28", "description": "The version of kernel installed on the remote host is prior to 4.14.232-123.381. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1503 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. 
The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. 
(CVE-2021-31829)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-24T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2021-1503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-29374", "CVE-2021-23133", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033"], "modified": "2021-05-24T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1503.NASL", "href": "https://www.tenable.com/plugins/nessus/149872", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1503.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149872);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/24\");\n\n script_cve_id(\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-29374\",\n \"CVE-2021-23133\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1503\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2021-1503)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.232-123.381. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1503 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The\n get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider\n the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network service or an unprivileged process. If\n sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the\n auto_asconf_splist list without any proper locking. 
This can be exploited by an attacker with network\n service privileges to escalate to root or from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. 
Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading\n to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not\n protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized\n data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. 
(CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1503.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-29374\", \"CVE-2021-23133\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-33033\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1503\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 
'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T17:01:43", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. 
In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1780)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-28688", "CVE-2021-28972", "CVE-2021-3772", "CVE-2022-0492"], "modified": "2022-05-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1780.NASL", "href": "https://www.tenable.com/plugins/nessus/161629", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161629);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/27\");\n\n script_cve_id(\n \"CVE-2021-3772\",\n \"CVE-2021-26930\",\n \"CVE-2021-28688\",\n \"CVE-2021-28972\",\n \"CVE-2022-0492\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1780)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. 
In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. 
This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1780\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ac9c210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.1.6.h689.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h689.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h689.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h689.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", 
reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:39:59", "description": "The version of kernel installed on the remote host is prior to 4.14.231-173.360. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1627 advisory.\n\n - A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.\n (CVE-2019-19060)\n\n - kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. (CVE-2019-7308)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. 
(CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-22T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2021-1627)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19060", "CVE-2019-7308", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-27171", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-3483"], "modified": "2021-04-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.231-173.360", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1627.NASL", "href": "https://www.tenable.com/plugins/nessus/148919", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1627.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148919);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/23\");\n\n script_cve_id(\n 
\"CVE-2019-7308\",\n \"CVE-2019-19060\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-27171\",\n \"CVE-2021-3483\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1627\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2021-1627)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.231-173.360. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1627 advisory.\n\n - A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.\n (CVE-2019-19060)\n\n - kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on\n pointer arithmetic in various cases, including cases of different branches with different state or limits\n to sanitize, leading to side-channel attacks. (CVE-2019-7308)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. 
NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.7. 
usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up\n sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1627.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-7308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3483\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.231-173.360\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-7308\", 
\"CVE-2019-19060\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-27171\", \"CVE-2021-3483\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28972\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1627\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.231-173.360.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.231-173.360-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-tools-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.231-173.360.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.231-173.360.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = 
package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:58:47", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device 
name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2021-26930: Fixed improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362
bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-29368", "CVE-2020-29374", "CVE-2020-35519", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-3428", "CVE-2021-3444"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1175-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148509", 
"sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1175-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148509);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2020-35519\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of 
service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel 
memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which\ncould have led to local escalation of privilege (bsc#1176720).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181515\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183379\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211175-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f99314b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1175=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n 
script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.50.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T15:02:05", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw reported in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. 
An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work) however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.(CVE-2020-36310)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.(CVE-2021-29650)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3483)\n\n - A race condition was found in the Linux kernel in sctp_destroy_sock. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock held and sp->do_auto_asconf is true, then an element is removed from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met.(CVE-2021-23133)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1971)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36313", "CVE-2020-36322", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1971.NASL", "href": "https://www.tenable.com/plugins/nessus/150253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150253);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36313\",\n \"CVE-2020-36322\",\n \"CVE-2021-20292\",\n \"CVE-2021-23133\",\n \"CVE-2021-28660\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\",\n \"CVE-2021-3483\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1971)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple 
security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - There is a flaw reported in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in\n nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The\n issue results from the lack of validating the existence\n of an object prior to performing operations on the\n object. An attacker with a local account with a root\n privilege, can leverage this vulnerability to escalate\n privileges and execute code in the context of the\n kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before\n 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)\n\n - In intel_pmu_drain_pebs_nhm in\n arch/x86/events/intel/ds.c in the Linux kernel through\n 5.11.8 on some Haswell CPUs, userspace applications\n (such as perf-fuzzer) can cause a system crash because\n the PEBS status in a PEBS record is mishandled, aka\n CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - A race condition was discovered in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG)\n because of a lack of locking on an extent buffer before\n a cloning operation, aka\n CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12\n have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the\n kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and\n arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through\n 5.11.10. 
drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers\n to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue\n overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel. A\n bounds check failure allows a local attacker with a\n user account on the system to gain access to\n out-of-bounds memory, leading to a system crash or a\n leak of internal kernel information. The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - rtw_wx_set_scan in\n drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the\n Linux kernel through 5.11.6 allows writing beyond the\n end of the ->ssid[] array. NOTE: from the perspective\n of kernel.org releases, CVE IDs are not normally used\n for drivers/staging/* (unfinished work) however, system\n integrators may have situations in which a\n drivers/staging issue is relevant to their own customer\n base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test\n infinite loop for certain nested page faults, aka\n CID-e72436bc3a52.(CVE-2020-36310)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to\n memslots after a deletion, aka CID-0774a964ef56. 
This\n affects arch/s390/kvm/kvm-s390.c,\n include/linux/kvm_host.h, and\n virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because\n net/netfilter/x_tables.c and\n include/linux/netfilter/x_tables.h lack a full memory\n barrier upon the assignment of a new table value, aka\n CID-175e476b8cdf.(CVE-2021-29650)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2021-3483)\n\n - A race condition was found in the Linux kernel in\n sctp_destroy_sock. If sctp_destroy_sock is called\n without sock_net(sk)->sctp.addr_wq_lock held and\n sp->do_auto_asconf is true, then an element is removed\n from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the\n context of a network service or from an unprivileged\n process if certain conditions are met.(CVE-2021-23133)\n\n - An issue was discovered in the FUSE filesystem\n implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls\n make_bad_inode() in inappropriate situations, causing a\n system crash. NOTE: the original fix for this\n vulnerability was incomplete, and its incompleteness is\n tracked as CVE-2021-28950.(CVE-2020-36322)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1971\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?221a799c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"perf-4.18.0-147.5.1.6.h451.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T15:03:15", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw reported in 
drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)\n\n - A flaw memory leak in the Linux kernel webcam device functionality was found in the way user calls ioctl that triggers video_usercopy function. The highest threat from this vulnerability is to system availability.(CVE-2021-30002)\n\n - A flaw was found in the Linux kernel. The usbip driver allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status. The highest threat from this vulnerability is to system availability.(CVE-2021-29265)\n\n - A flaw in the Linux kernels implementation of the RPA PCI Hotplug driver for power-pc. A user with permissions to write to the sysfs settings for this driver can trigger a buffer overflow when writing a new device name to the driver from userspace, overwriting data in the kernel's stack.(CVE-2021-28972)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work) however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.(CVE-2021-28660)\n\n - A race condition flaw was found in get_old_root in fs/btrfs/ctree.c in the Linux kernel in btrfs file-system. This flaw allows a local attacker with a special user privilege to cause a denial of service due to not locking an extent buffer before a cloning operation. 
The highest threat from this vulnerability is to system availability.(CVE-2021-28964)\n\n - A flaw was found in the Linux kernel. This flaw allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure. The highest threat from this vulnerability is to confidentiality.(CVE-2021-29647)\n\n - A flaw was found in the Linux kernel. The Freescale Gianfar Ethernet driver allows attackers to cause a system crash due to a negative fragment size calculated in situations involving an RX queue overrun when jumbo packets are used and NAPI is enabled. The highest threat from this vulnerability is to data integrity and system availability.(CVE-2021-29264)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - A flaw was found in the Linux kernels eBPF verification code. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A flaw that triggers Integer underflow when restricting speculative pointer arithmetic allows unprivileged local users to leak the content of kernel memory. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-27171)\n\n - A flaw was found in the Linux kernels eBPF verification code. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can use the eBPF verifier to abuse a spectre like flaw where they can infer all system memory.(CVE-2020-27170)\n\n - A flaw was found in the Linux kernels eBPF implementation. 
By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-29154)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.(CVE-2021-28688)\n\n - A denial-of-service (DoS) flaw was identified in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem.(CVE-2021-29650)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3483)\n\n - A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-23133)\n\n - A denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. 
A local user could use this flaw to crash the system.(CVE-2020-36322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1967)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36322", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1967.NASL", "href": "https://www.tenable.com/plugins/nessus/150271", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150271);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36322\",\n \"CVE-2021-20292\",\n \"CVE-2021-23133\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\",\n \"CVE-2021-3483\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : kernel 
(EulerOS-SA-2021-1967)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - There is a flaw reported in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in\n nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The\n issue results from the lack of validating the existence\n of an object prior to performing operations on the\n object. An attacker with a local account with a root\n privilege, can leverage this vulnerability to escalate\n privileges and execute code in the context of the\n kernel.(CVE-2021-20292)\n\n - A flaw memory leak in the Linux kernel webcam device\n functionality was found in the way user calls ioctl\n that triggers video_usercopy function. The highest\n threat from this vulnerability is to system\n availability.(CVE-2021-30002)\n\n - A flaw was found in the Linux kernel. The usbip driver\n allows attackers to cause a denial of service (GPF)\n because the stub-up sequence has race conditions during\n an update of the local and shared status. The highest\n threat from this vulnerability is to system\n availability.(CVE-2021-29265)\n\n - A flaw in the Linux kernels implementation of the RPA\n PCI Hotplug driver for power-pc. A user with\n permissions to write to the sysfs settings for this\n driver can trigger a buffer overflow when writing a new\n device name to the driver from userspace, overwriting\n data in the kernel's stack.(CVE-2021-28972)\n\n - rtw_wx_set_scan in\n drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the\n Linux kernel through 5.11.6 allows writing beyond the\n end of the ->ssid[] array. 
NOTE: from the perspective\n of kernel.org releases, CVE IDs are not normally used\n for drivers/staging/* (unfinished work) however, system\n integrators may have situations in which a\n drivers/staging issue is relevant to their own customer\n base.(CVE-2021-28660)\n\n - A race condition flaw was found in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel in btrfs\n file-system. This flaw allows a local attacker with a\n special user privilege to cause a denial of service due\n to not locking an extent buffer before a cloning\n operation. The highest threat from this vulnerability\n is to system availability.(CVE-2021-28964)\n\n - A flaw was found in the Linux kernel. This flaw allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure. The highest threat from this vulnerability\n is to confidentiality.(CVE-2021-29647)\n\n - A flaw was found in the Linux kernel. The Freescale\n Gianfar Ethernet driver allows attackers to cause a\n system crash due to a negative fragment size calculated\n in situations involving an RX queue overrun when jumbo\n packets are used and NAPI is enabled. The highest\n threat from this vulnerability is to data integrity and\n system availability.(CVE-2021-29264)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel. A\n bounds check failure allows a local attacker with a\n user account on the system to gain access to\n out-of-bounds memory, leading to a system crash or a\n leak of internal kernel information. The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-35519)\n\n - A flaw was found in the Linux kernels eBPF verification\n code. By default accessing the eBPF verifier is only\n accessible to privileged users with CAP_SYS_ADMIN. 
A\n flaw that triggers Integer underflow when restricting\n speculative pointer arithmetic allows unprivileged\n local users to leak the content of kernel memory. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-27171)\n\n - A flaw was found in the Linux kernels eBPF verification\n code. By default accessing the eBPF verifier is only\n accessible to privileged users with CAP_SYS_ADMIN. A\n local user with the ability to insert eBPF instructions\n can use the eBPF verifier to abuse a spectre like flaw\n where they can infer all system memory.(CVE-2020-27170)\n\n - A flaw was found in the Linux kernels eBPF\n implementation. By default, accessing the eBPF verifier\n is only accessible to privileged users with\n CAP_SYS_ADMIN. A local user with the ability to insert\n eBPF instructions can abuse a flaw in eBPF to corrupt\n memory. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system\n availability.(CVE-2021-29154)\n\n - The fix for XSA-365 includes initialization of pointers\n such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went\n too far and may under certain conditions also overwrite\n pointers which are in need of cleaning up. The lack of\n cleanup would result in leaking persistent grants. The\n leak in turn would prevent fully cleaning up after a\n respective guest has died, leaving around zombie\n domains. All Linux versions having the fix for XSA-365\n applied are vulnerable. XSA-365 was classified to\n affect versions back to at least 3.11.(CVE-2021-28688)\n\n - A denial-of-service (DoS) flaw was identified in the\n Linux kernel due to an incorrect memory barrier in\n xt_replace_table in net/netfilter/x_tables.c in the\n netfilter subsystem.(CVE-2021-29650)\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. 
This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2021-3483)\n\n - A use-after-free flaw was found in the Linux kernel's\n SCTP socket functionality that triggers a race\n condition. This flaw allows a local user to escalate\n their privileges on the system. The highest threat from\n this vulnerability is to confidentiality, integrity, as\n well as system availability.(CVE-2021-23133)\n\n - A denial of service flaw was found in fuse_do_getattr\n in fs/fuse/dir.c in the kernel side of the FUSE\n filesystem in the Linux kernel. A local user could use\n this flaw to crash the system.(CVE-2020-36322)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1967\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bd8d5d51\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = 
[\"kernel-4.19.90-vhulk2103.1.0.h462.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h462.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h462.eulerosv2r9\",\n \"perf-4.19.90-vhulk2103.1.0.h462.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T18:07:08", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. 
This affects pointer types that do not define a ptr_limit.(CVE-2020-27170)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work) however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.(CVE-2021-29650)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. 
This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.(CVE-2021-28688)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8.(CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - There is a flaw reported in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.11.7. 
usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.(CVE-2021-29265)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - A race condition was found in the Linux kernel in sctp_destroy_sock. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock held and sp->do_auto_asconf is true, then an element is removed from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met.(CVE-2021-23133)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36322", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2062.NASL", "href": "https://www.tenable.com/plugins/nessus/151240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151240);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36322\",\n \"CVE-2021-20292\",\n \"CVE-2021-23133\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\",\n \"CVE-2021-3483\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2062)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security 
updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel. A\n bounds check failure allows a local attacker with a\n user account on the system to gain access to\n out-of-bounds memory, leading to a system crash or a\n leak of internal kernel information. The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-35519)\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a\n ptr_limit.(CVE-2020-27170)\n\n - A race condition was discovered in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG)\n because of a lack of locking on an extent buffer before\n a cloning operation, aka\n CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. 
kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - rtw_wx_set_scan in\n drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the\n Linux kernel through 5.11.6 allows writing beyond the\n end of the ->ssid[] array. NOTE: from the perspective\n of kernel.org releases, CVE IDs are not normally used\n for drivers/staging/* (unfinished work) however, system\n integrators may have situations in which a\n drivers/staging issue is relevant to their own customer\n base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before\n 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because\n net/netfilter/x_tables.c and\n include/linux/netfilter/x_tables.h lack a full memory\n barrier upon the assignment of a new table value, aka\n CID-175e476b8cdf.(CVE-2021-29650)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12\n have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the\n kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and\n arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - The fix for XSA-365 includes initialization of pointers\n such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went\n too far and may under certain conditions also overwrite\n pointers which are in need of cleaning up. The lack of\n cleanup would result in leaking persistent grants. 
The\n leak in turn would prevent fully cleaning up after a\n respective guest has died, leaving around zombie\n domains. All Linux versions having the fix for XSA-365\n applied are vulnerable. XSA-365 was classified to\n affect versions back to at least 3.11.(CVE-2021-28688)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux\n kernel through 5.11.8, the RPA PCI Hotplug driver has a\n user-tolerable buffer overflow when writing a new\n device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame\n directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination,\n aka CID-cc7a0bb058b8.(CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - There is a flaw reported in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in\n nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The\n issue results from the lack of validating the existence\n of an object prior to performing operations on the\n object. An attacker with a local account with a root\n privilege, can leverage this vulnerability to escalate\n privileges and execute code in the context of the\n kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before\n 5.11.7. usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause\n a denial of service (GPF) because the stub-up sequence\n has race conditions during an update of the local and\n shared status, aka CID-9380afd6df70.(CVE-2021-29265)\n\n - An issue was discovered in the Linux kernel through\n 5.11.10. 
drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers\n to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue\n overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the FUSE filesystem\n implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls\n make_bad_inode() in inappropriate situations, causing a\n system crash. NOTE: the original fix for this\n vulnerability was incomplete, and its incompleteness is\n tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - A race condition was found in the Linux kernel in\n sctp_destroy_sock. If sctp_destroy_sock is called\n without sock_net(sk)->sctp.addr_wq_lock held and\n sp->do_auto_asconf is true, then an element is removed\n from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the\n context of a network service or from an unprivileged\n process if certain conditions are met.(CVE-2021-23133)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2062\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77303270\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2103.1.0.h462.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h462.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h462.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h462.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T22:10:35", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.(CVE-2021-29265)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8.(CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.(CVE-2020-36311)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. 
This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.(CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.\n The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.(CVE-2021-27365)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. 
XSA-365 was classified to affect versions back to at least 3.11.(CVE-2021-28688)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.(CVE-2021-23133)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1983)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-23133", "CVE-2021-27365", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2021-06-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1983.NASL", 
"href": "https://www.tenable.com/plugins/nessus/151042", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151042);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/30\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-23133\",\n \"CVE-2021-27365\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\",\n \"CVE-2021-3483\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1983)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the Linux kernel before\n 5.11.7. usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause\n a denial of service (GPF) because the stub-up sequence\n has race conditions during an update of the local and\n shared status, aka CID-9380afd6df70.(CVE-2021-29265)\n\n - A race condition was discovered in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel through 5.11.8. 
It\n allows attackers to cause a denial of service (BUG)\n because of a lack of locking on an extent buffer before\n a cloning operation, aka\n CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux\n kernel through 5.11.8, the RPA PCI Hotplug driver has a\n user-tolerable buffer overflow when writing a new\n device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame\n directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination,\n aka CID-cc7a0bb058b8.(CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before\n 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc\n failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering\n destruction of a large SEV VM (which requires\n unregistering many encrypted regions), aka\n CID-7be74942f184.(CVE-2020-36311)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12\n have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the\n kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and\n arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a\n ptr_limit.(CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. 
kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel\n version v5.12-rc5. A bounds check failure allows a\n local attacker with a user account on the system to\n gain access to out-of-bounds memory, leading to a\n system crash or a leak of internal kernel information.\n The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel through\n 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers\n to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue\n overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the FUSE filesystem\n implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls\n make_bad_inode() in inappropriate situations, causing a\n system crash. NOTE: the original fix for this\n vulnerability was incomplete, and its incompleteness is\n tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - An issue was discovered in the Linux kernel through\n 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can\n exceed the PAGE_SIZE value. 
An unprivileged user can\n send a Netlink message that is associated with iSCSI,\n and has a length up to the maximum length of a Netlink\n message.(CVE-2021-27365)\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before\n 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)\n\n - The fix for XSA-365 includes initialization of pointers\n such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went\n too far and may under certain conditions also overwrite\n pointers which are in need of cleaning up. The lack of\n cleanup would result in leaking persistent grants. The\n leak in turn would prevent fully cleaning up after a\n respective guest has died, leaving around zombie\n domains. All Linux versions having the fix for XSA-365\n applied are vulnerable. XSA-365 was classified to\n affect versions back to at least 3.11.(CVE-2021-28688)\n\n - A race condition in Linux kernel SCTP sockets\n (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network\n service or an unprivileged process. If\n sctp_destroy_sock is called without\n sock_net(sk)->sctp.addr_wq_lock then an element is\n removed from the auto_asconf_splist list without any\n proper locking. 
This can be exploited by an attacker\n with network service privileges to escalate to root or\n from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies\n creation of some SCTP socket.(CVE-2021-23133)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1983\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e06d7501\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< 
cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h1032.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T18:06:45", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. 
video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - There is a flaw reported in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.(CVE-2020-36310)\n\n - A race condition was found in the Linux kernel in sctp_destroy_sock. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock held and sp->do_auto_asconf is true, then an element is removed from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met.(CVE-2021-23133)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. 
This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.(CVE-2021-29650)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work) however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.(CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2051)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36313", "CVE-2020-36322", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2051.NASL", "href": "https://www.tenable.com/plugins/nessus/151238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151238);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36313\",\n \"CVE-2020-36322\",\n \"CVE-2021-20292\",\n \"CVE-2021-23133\",\n \"CVE-2021-28660\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\",\n \"CVE-2021-3483\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2051)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host 
is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before\n 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)\n\n - An issue was discovered in the FUSE filesystem\n implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls\n make_bad_inode() in inappropriate situations, causing a\n system crash. NOTE: the original fix for this\n vulnerability was incomplete, and its incompleteness is\n tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - There is a flaw reported in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in\n nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The\n issue results from the lack of validating the existence\n of an object prior to performing operations on the\n object. An attacker with a local account with a root\n privilege, can leverage this vulnerability to escalate\n privileges and execute code in the context of the\n kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test\n infinite loop for certain nested page faults, aka\n CID-e72436bc3a52.(CVE-2020-36310)\n\n - A race condition was found in the Linux kernel in\n sctp_destroy_sock. 
If sctp_destroy_sock is called\n without sock_net(sk)->sctp.addr_wq_lock held and\n sp->do_auto_asconf is true, then an element is removed\n from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the\n context of a network service or from an unprivileged\n process if certain conditions are met.(CVE-2021-23133)\n\n - In intel_pmu_drain_pebs_nhm in\n arch/x86/events/intel/ds.c in the Linux kernel through\n 5.11.8 on some Haswell CPUs, userspace applications\n (such as perf-fuzzer) can cause a system crash because\n the PEBS status in a PEBS record is mishandled, aka\n CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12\n have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the\n kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and\n arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to\n memslots after a deletion, aka CID-0774a964ef56. This\n affects arch/s390/kvm/kvm-s390.c,\n include/linux/kvm_host.h, and\n virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - A race condition was discovered in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG)\n because of a lack of locking on an extent buffer before\n a cloning operation, aka\n CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel through\n 5.11.10. 
drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers\n to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue\n overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel. A\n bounds check failure allows a local attacker with a\n user account on the system to gain access to\n out-of-bounds memory, leading to a system crash or a\n leak of internal kernel information. The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because\n net/netfilter/x_tables.c and\n include/linux/netfilter/x_tables.h lack a full memory\n barrier upon the assignment of a new table value, aka\n CID-175e476b8cdf.(CVE-2021-29650)\n\n - rtw_wx_set_scan in\n drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the\n Linux kernel through 5.11.6 allows writing beyond the\n end of the ->ssid[] array. 
NOTE: from the perspective\n of kernel.org releases, CVE IDs are not normally used\n for drivers/staging/* (unfinished work) however, system\n integrators may have situations in which a\n drivers/staging issue is relevant to their own customer\n base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering\n destruction of a large SEV VM (which requires\n unregistering many encrypted regions), aka\n CID-7be74942f184.(CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before\n 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc\n failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2051\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dbc5945\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< 
cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h451.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:42:43", "description": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable 
buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out-of-bounds write in rtw_wx_set_scan (bsc#1183593).\n\n - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory 
(bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).\n\n - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\n - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\n - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\n - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\n - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\n - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\n - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).\n\n - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).\n\n - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).\n\nThe following non-security bugs were fixed :\n\n - 0007-block-add-docs-for-gendisk-request_queue-refcount-h e.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0008-block-revert-back-to-synchronous-request_queue-remo v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). 
\n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).\n\n - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).\n\n - ALSA: aloop: Fix initialization of controls (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).\n\n - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).\n\n - ALSA: usb-audio: 
Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).\n\n - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).\n\n - appletalk: Fix skb allocation size in loopback case (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).\n\n - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).\n\n - ASoC: intel: atom: Stop advertising non working S24LE support 
(git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).\n\n - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock (git-fixes).\n\n - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).\n\n - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).\n\n - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).\n\n - atl1c: fix error return code in atl1c_probe() (git-fixes).\n\n - atl1e: fix error return code in atl1e_probe() (git-fixes).\n\n - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n\n - binfmt_misc: fix 
possible deadlock in bm_register_write (git-fixes).\n\n - blktrace-annotate-required-lock-on-do_blk_trace_setu.pat ch: (bsc#1171295).\n\n - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat ch: (bsc#1171295).\n\n - blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat ch: (bsc#1171295).\n\n - block-clarify-context-for-refcount-increment-helpers.pat ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).\n\n - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).\n\n - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent 
buffer leak on failure to copy root (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).\n\n - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: change noisy error message to FYI (bsc#1181507).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).\n\n - cifs: do not send close in compound create+close requests (bsc#1181507).\n\n - cifs: New optype for session operations (bsc#1181507).\n\n - cifs: print MIDs in decimal notation (bsc#1181507).\n\n - cifs: return proper error code in statfs(2) (bsc#1181507).\n\n - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).\n\n - clk: fix invalid usage of list 
cursor in register (git-fixes).\n\n - clk: fix invalid usage of list cursor in unregister (git-fixes).\n\n - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases (git-fixes).\n\n - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count (git-fixes).\n\n - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).\n\n - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow (git-fixes).\n\n - drm/amdgpu: check alignment on CPU page for bo map (git-fixes).\n\n - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: 	* context changes\n\n - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: 	* rename amd/pm to amd/powerplay 	* context changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).\n\n - drm/mediatek: Fix aal size config 
(bsc#1152489) \n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).\n\n - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) \n\n - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) \n\n - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) \n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) \n\n - drm/msm: Ratelimit invalid-fence message (git-fixes).\n\n - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).\n\n - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472) \n\n - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) \n\n - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) \n\n - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) \n\n - efi: use 32-bit alignment for efi_guid_t literals (git-fixes).\n\n - enetc: Fix reporting of h/w packet counters (git-fixes).\n\n - epoll: check for events when removing a timed out thread from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() 
(bsc#1182989).\n\n - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: fix bad inode (bsc#1184211).\n\n - fuse: fix live lock in fuse_iget() (bsc#1184211).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).\n\n - gianfar: Handle error code at MAC address change (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).\n\n - hwmon: 
(ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).\n\n - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).\n\n - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).\n\n - iavf: Fix incorrect adapter get in iavf_resume (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: remove DCBNL_DEVRESET bit from PF state 
(jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).\n\n - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).\n\n - Input: applespi - do not wait for responses to commands indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: 
Fix ineffective devTLB invalidation for subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags (bsc#1167773).\n\n - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).\n\n - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).\n\n - libbpf: Fix INSTALL flag order (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).\n\n - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).\n\n - loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat ch: (bsc#1171295).\n\n - mac80211: choose first enabled channel for monitor (git-fixes).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mac80211: fix TXQ AC confusion (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift (git-fixes).\n\n - media: mceusb: sanity check for prescaler value (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds 
in std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access (git-fixes).\n\n - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).\n\n - mISDN: fix crash in fritzpci (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).\n\n - mt76: dma: do not report truncated frames to mac80211 (git-fixes).\n\n - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).\n\n - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).\n\n - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).\n\n - net: b44: fix error return code in b44_init_one() (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics 
(git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).\n\n - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).\n\n - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).\n\n - net: hns3: Remove the left over redundant check & assignment (bsc#1154353).\n\n - net: korina: cast KSEG0 address to pointer in kfree (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array (git-fixes).\n\n - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for 
overflow (jsc#SLE-8464).\n\n - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).\n\n - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).\n\n - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).\n\n - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)\n\n - netsec: restore phy power state after controller reset (bsc#1183757).\n\n - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).\n\n - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - net: wan/lmc: unregister device when no matching device is found (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation (bsc#1154353).\n\n - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).\n\n - 
nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() memory leak (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).\n\n - 
platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).\n\n - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).\n\n - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).\n\n - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).\n\n - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).\n\n - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).\n\n - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).\n\n - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).\n\n - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).\n\n - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).\n\n - powerpc/sstep: Fix darn emulation (bsc#1156395).\n\n - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).\n\n - powerpc/sstep: Fix load-store and update emulation (bsc#1156395).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).\n\n - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id (git-fixes).\n\n - random: fix the 
RNDRESEEDCRNG ioctl (git-fixes).\n\n - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).\n\n - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)\n\n - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).\n\n - Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.\n\n - rpm/check-for-config-changes: comment on the list To explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.\n\n - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.\n\n - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD 
driver unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).\n\n - s390/vtime: fix increased steal time accounting (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock (bsc#1155518).\n\n - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).\n\n - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).\n\n - 
scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).\n\n - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).\n\n - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).\n\n - smb3: fix crediting for compounding when only one request in flight (bsc#1181507).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).\n\n - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).\n\n - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)\n\n - USB: cdc-acm: downgrade message to debug (git-fixes).\n\n - USB: cdc-acm: fix double free on probe failure (git-fixes).\n\n - USB: cdc-acm: fix 
use-after-free after probe failure (git-fixes).\n\n - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket (git-fixes).\n\n - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).\n\n - USBip: tools: fix build error for multiple definition (git-fixes).\n\n - USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64 (git-fixes).\n\n - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by definition (git-fixes).\n\n - USB: serial: 
ch341: add new Product ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).\n\n - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).\n\n - x86/ioapic: Ignore IRQ2 again (bsc#1152489).\n\n - x86/mem_encrypt: Correct physical address calculation in\n __set_clr_pte_enc() (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi is pending (git-fixes).\n\n - 
xen/events: fix setting irq affinity (bsc#1184583).\n\n - xen/events: reset affinity of 2-level event when tearing it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal (git-fixes).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-758)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2021-05-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-rt", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:dlm-kmp-rt", "p-cpe:/a:novell:opensuse:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug", "p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt", 
"p-cpe:/a:novell:opensuse:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel-rt", "p-cpe:/a:novell:opensuse:kernel-rt", "p-cpe:/a:novell:opensuse:kernel-rt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt-debugsource", "p-cpe:/a:novell:opensuse:kernel-rt-devel", "p-cpe:/a:novell:opensuse:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt-extra", "p-cpe:/a:novell:opensuse:kernel-rt-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug", "p-cpe:/a:novell:opensuse:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-rt_debug-devel", "p-cpe:/a:novell:opensuse:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug-extra", "p-cpe:/a:novell:opensuse:kernel-rt_debug-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source-rt", "p-cpe:/a:novell:opensuse:kernel-syms-rt", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-758.NASL", "href": "https://www.tenable.com/plugins/nessus/149892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-758.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149892);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/27\");\n\n script_cve_id(\"CVE-2019-18814\", \"CVE-2019-19769\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27815\", \"CVE-2020-35519\", \"CVE-2020-36310\", \"CVE-2020-36311\", \"CVE-2020-36312\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28375\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29154\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-30002\", \"CVE-2021-3428\", \"CVE-2021-3444\", \"CVE-2021-3483\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-758)\");\n script_summary(english:\"Check for the openSUSE-2021-758 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier\n which did not properly handle mod32 destination register\n truncation when the source register was known to be 0\n leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in\n ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which\n could have allowed attackers to obtain sensitive\n information from kernel memory because of a partially\n uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store\n which could have allowed attackers 
to cause a denial of\n service due to race conditions during an update of the\n local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar\n Ethernet driver which could have allowed attackers to\n cause a system crash due to a calculation of negative\n fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow\n when writing a new device name to the driver from\n userspace, allowing userspace to write data to the\n kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in\n intel_pmu_drain_pebs_nhm which could have caused a\n system crash because the PEBS status in a PEBS record\n was mishandled (bsc#1184196).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root\n which could have allowed attackers to cause a denial of\n service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365\n (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in\n rtw_wx_set_scan (bsc#1183593).\n\n - CVE-2021-28375: Fixed an issue in\n fastrpc_internal_invoke which did not prevent user\n applications from sending kernel RPC messages\n (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver\n which was lacking necessary treatment of errors such as\n failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged\n user can send a Netlink message that is associated with\n iSCSI, and has a length up to the maximum length of a\n Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could\n craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could\n have been used to determine the address of the\n iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access\n in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in the JFS filesystem which\n could have allowed an attacker 
to execute code\n (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting\n out-of-bounds speculation on pointer arithmetic, leading\n to side-channel attacks that defeat Spectre mitigations\n and obtain sensitive information from kernel memory\n (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the\n perf_trace_lock_acquire function (bsc#1159280).\n\n - CVE-2019-18814: Fixed a use-after-free when\n aa_label_parse() fails in aa_audit_rule_init()\n (bsc#1156256).\n\n - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672,\n CVE-2020-25673: Fixed multiple bugs in NFC subsystem\n (bsc#1178181).\n\n - CVE-2020-36311: Fixed a denial of service (soft lockup)\n by triggering destruction of a large SEV VM\n (bsc#1184511).\n\n - CVE-2021-29154: Fixed incorrect computation of branch\n displacements, allowing arbitrary code execution\n (bsc#1184391).\n\n - CVE-2021-30002: Fixed a memory leak for large arguments\n in video_usercopy (bsc#1184120).\n\n - CVE-2021-3483: Fixed a use-after-free in nosy.c\n (bsc#1184393).\n\n - CVE-2020-36310: Fixed infinite loop for certain nested\n page faults (bsc#1184512).\n\n - CVE-2020-36312: Fixed a memory leak upon a kmalloc\n failure (bsc#1184509).\n\n - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due\n to a retry loop that was continually finding the same bad\n inode (bsc#1184194).\n\nThe following non-security bugs were fixed :\n\n -\n 0007-block-add-docs-for-gendisk-request_queue-refcount-h\n e.patch: (bsc#1171295, git fixes (block drivers)).\n\n -\n 0008-block-revert-back-to-synchronous-request_queue-remo\n v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). 
\n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2)\n (git-fixes).\n\n - ACPICA: Always create namespace nodes using\n acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake\n (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO\n op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in\n acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807\n (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony\n VPCEH3U1E (git-fixes).\n\n - ALSA: aloop: Fix initialization of controls (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits\n (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during\n S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers\n (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state\n (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10\n (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI\n Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi\n Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook\n Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with\n ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue\n for a Dell AIO (git-fixes).\n\n - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire\n E1 (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay\n quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with\n succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech\n Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics\n 
headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in\n setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate\n differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level\n (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell\n AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in\n usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported'\n errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in\n usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for\n single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it\n (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso\n (git-fixes).\n\n - apparmor: check/put label on\n apparmor_sk_clone_security() (git-fixes).\n\n - appletalk: Fix skb allocation size in loopback case\n (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable\n (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset\n (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias\n Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion\n (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: cygnus: fix for_each_child.cocci warnings\n (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table\n (git-fixes).\n\n - ASoC: fsl_esai: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to\n soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: intel: atom: Remove 44100 sample-rate from the\n media and deep-buffer DAI 
descriptions (git-fixes).\n\n - ASoC: intel: atom: Stop advertising non working S24LE\n support (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium\n 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One\n S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar\n Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad\n A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX\n OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper\n EZpad 7 tablet (git-fixes).\n\n - ASoC: max98373: Added 30ms turn on/off time delay\n (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch'\n control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from\n Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control\n (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control\n (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct\n default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock\n (git-fixes).\n\n - ASoC: sunxi: sun4i-codec: fill ASoC card owner\n (git-fixes).\n\n - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled\n for some chips (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition\n (git-fixes).\n\n - ath10k: hold RCU lock when calling\n ieee80211_find_sta_by_ifaddr() (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode\n (git-fixes).\n\n - atl1c: fix error return code in atl1c_probe()\n (git-fixes).\n\n - atl1e: fix error return code in atl1e_probe()\n (git-fixes).\n\n - batman-adv: initialize 'struct\n 
batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n -\n blktrace-annotate-required-lock-on-do_blk_trace_setu.pat\n ch: (bsc#1171295).\n\n -\n blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat\n ch: (bsc#1171295).\n\n -\n blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat\n ch: (bsc#1171295).\n\n -\n block-clarify-context-for-refcount-increment-helpers.pat\n ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe()\n (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY\n for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid\n crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686\n bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally\n (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp\n programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod\n (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without\n lock (bsc#1155518).\n\n - bpf: Remove MTU check in __bpf_skb_max_len\n (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic\n (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily\n (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic\n tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad\n A15 tablet (git-fixes).\n\n - brcmfmac: clear EAP/association status bits on linkdown\n events (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in\n btrfs_copy_root (bsc#1184217).\n\n - btrfs: 
always pin deleted leaves when there are active\n tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to\n concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root\n (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind\n of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with\n NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on\n mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD\n (git-fixes).\n\n - bus: ti-sysc: Fix warning on unbind if reset is not\n deasserted (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to\n c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free\n (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze()\n (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid\n (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for\n missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter\n freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss\n warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices\n (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten\n supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if\n socket was closed before setting skb ownership\n (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls\n (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: change noisy error message to FYI (bsc#1181507).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - cifs_debug: use %pd instead of messing with ->d_name\n (bsc#1181507).\n\n - cifs: do not send close in compound create+close\n requests (bsc#1181507).\n\n - cifs: New optype for session operations 
(bsc#1181507).\n\n - cifs: print MIDs in decimal notation (bsc#1181507).\n\n - cifs: return proper error code in statfs(2)\n (bsc#1181507).\n\n - cifs: Tracepoints and logs for tracing credit changes\n (bsc#1181507).\n\n - clk: fix invalid usage of list cursor in register\n (git-fixes).\n\n - clk: fix invalid usage of list cursor in unregister\n (git-fixes).\n\n - clk: socfpga: fix iomem pointer cast on 64-bit\n (git-fixes).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file\n (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in\n References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack\n (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases\n (git-fixes).\n\n - crypto: bcm - Rename struct device_private to\n bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires\n the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count\n (git-fixes).\n\n - Delete\n patches.suse/sched-Reenable-interrupts-in-do_sched_yield\n .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in\n qp_host_alloc_queue (git-fixes).\n\n - drivers: video: fbcon: fix NULL dereference in\n fbcon_cursor() (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when\n get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow\n (git-fixes).\n\n - drm/amdgpu: check alignment on CPU page for bo map\n (git-fixes).\n\n - drm/amdgpu: fix offset calculation in\n amdgpu_vm_bo_clear_mappings() (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in\n amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489)\n Backporting notes: 	* context changes\n\n - drm/amd/powerplay: fix spelling mistake\n 'smu_state_memroy_block' -> (bsc#1152489) Backporting\n notes: 	* rename amd/pm to amd/powerplay 	*\n context 
changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Fix invalid access to ACPI _DSM objects\n (bsc#1184074).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK\n (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489) \n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL\n register (git-fixes).\n\n - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup\n to other GPUs (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)\n (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp\n vs (bsc#1152489) \n\n - drm/msm: fix shutdown hook in case GPU components failed\n to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout\n (bsc#1152489) \n\n - drm/msm: Fix WARN_ON() splat in _free_object()\n (bsc#1152489) \n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) \n\n - drm/msm: Ratelimit invalid-fence message (git-fixes).\n\n - drm/msm: Set drvdata to NULL when msm_drm_init() fails\n (git-fixes).\n\n - drm/nouveau: bail out of nouveau_channel_new if channel\n init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on\n open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472) \n\n - drm/panfrost: Remove unused variables in\n panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC\n (bsc#1152489) \n\n - drm/sched: Cancel and flush all outstanding jobs before\n finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity\n (bsc#1152489) \n\n - drm/tegra: sor: Grab runtime PM reference across reset\n (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect\n (bsc#1152472) \n\n - efi: use 32-bit alignment for efi_guid_t literals\n 
(git-fixes).\n\n - enetc: Fix reporting of h/w packet counters (git-fixes).\n\n - epoll: check for events when removing a timed out thread\n from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward\n compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all()\n functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register\n (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in\n efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID\n (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: fix bad inode (bsc#1184211).\n\n - fuse: fix live lock in fuse_iget() (bsc#1184211).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable\n CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test\n (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb\n headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver\n (git-fixes).\n\n - gianfar: Handle error code at MAC address change\n (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head\n for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo\n Gen 2 
(git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions\n (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for\n ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise\n USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init\n (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in\n ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition\n (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race\n condition (git-fixes).\n\n - i40e: Fix parameters in aq_get_phy_register()\n (jsc#SLE-8025).\n\n - i40e: Fix sparse error: 'vsi->netdev' could be null\n (jsc#SLE-8025).\n\n - iavf: Fix incorrect adapter get in iavf_resume\n (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011\n ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871\n ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871\n ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues\n variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871\n ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int'\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485\n ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly\n ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: 
simplify reset_long_term_buff function\n (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq*\n functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails\n (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: remove DCBNL_DEVRESET bit from PF state\n (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues\n (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect\n bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to\n LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in\n adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in\n mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of\n timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue\n (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp\n channel (git-fixes).\n\n - include/linux/sched/mm.h: use rcu_dereference in\n in_vfork() (git-fixes).\n\n - Input: applespi - do not wait for responses to commands\n indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some\n trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list\n (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length\n (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired\n Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in\n increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc\n (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in\n 
qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot\n system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in\n qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is\n on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in\n aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for\n subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for\n intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm\n to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags\n (bsc#1167773).\n\n - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295\n git-fixes).\n\n - kbuild: add dummy toolchains to enable all cc-option\n etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path\n relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc\n (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for\n ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary\n files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant\n CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in\n dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from\n cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test\n in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window\n request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest\n vendor check 
(bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter,\n tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events',\n bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if\n tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or\n RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon\n virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR\n (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID\n hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask'\n at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each\n bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct\n (bsc#1155518).\n\n - libbpf: Fix INSTALL flag order (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket\n (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit\n platforms (git-fixes).\n\n - locking/mutex: Fix non debug version of\n mutex_lock_io_nested() (git-fixes).\n\n -\n loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat\n ch: (bsc#1171295).\n\n - mac80211: choose first enabled channel for monitor\n (git-fixes).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mac80211: fix TXQ AC confusion (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error\n (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup\n failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some\n AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift\n (git-fixes).\n\n - media: mceusb: sanity check for prescaler value\n (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - 
media: uvcvideo: Allow entities with no pads\n (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in\n std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access\n (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access\n (git-fixes).\n\n - media: vicodec: add missing v4l2_ctrl_request_hdl_put()\n (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip\n 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel\n RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table\n (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no\n card is present (git-fixes).\n\n - mISDN: fix crash in fritzpci (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC\n (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card\n (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling\n path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove\n module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set\n SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB\n page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that\n reside on shared mounts (git-fixes).\n\n - mt76: dma: do not report truncated frames to mac80211\n (git-fixes).\n\n - mwifiex: pcie: skip cancel_work_sync() on reset failure\n path (git-fixes).\n\n - net: arc_emac: Fix memleak in arc_mdio_probe\n (git-fixes).\n\n - net: atheros: switch from 'pci_' to 'dma_' API\n (git-fixes).\n\n - net: b44: fix error return code in b44_init_one()\n (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init()\n (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe\n failure (git-fixes).\n\n - net: core: introduce 
__netdev_notify_peers (bsc#1183871\n ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware\n (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck\n (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value\n (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and\n phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc\n misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries\n for host port (git-fixes).\n\n - net: ethernet: ti: cpsw: fix error return code in\n cpsw_probe() (git-fixes).\n\n - net: fec: Fix phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops\n (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare()\n in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of\n gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement\n (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an\n HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag\n after calling ether_setup (git-fixes).\n\n - net: hns3: Remove the left over redundant check &\n assignment (bsc#1154353).\n\n - net: korina: cast KSEG0 address to pointer in kfree\n (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array\n (git-fixes).\n\n - net: lantiq: Wait for the GPHY firmware to be ready\n (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices\n (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave\n device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n 
- net/mlx5: Disallow RoCE on multi port slave device\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow\n (jsc#SLE-8464).\n\n - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: pasemi: fix error return code in pasemi_mac_open()\n (git-fixes).\n\n - net: phy: broadcom: Only advertise EEE for supported\n modes (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in\n error path of emac_clks_phase1_init (git-fixes).\n\n - net: qualcomm: rmnet: Fix incorrect receive packet\n handling during cleanup (git-fixes).\n\n - net: sched: disable TCQ_F_NOLOCK for pfifo_fast\n (bsc#1183405)\n\n - netsec: restore phy power state after controller reset\n (bsc#1183757).\n\n - net: spider_net: Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set\n real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback\n (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues()\n function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on\n netif_set_real_num_rx_queues() call (git-fixes).\n\n - net: usb: ax88179_178a: fix missing stop entry in\n driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up\n (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - net: wan/lmc: unregister device when no matching device\n is found (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation\n (bsc#1154353).\n\n - nvme: allocate the keep alive request using\n BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create\n association 
(bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails\n (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work\n (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails\n (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue\n establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer\n versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings\n (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code\n (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code\n (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs\n (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags()\n (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case\n (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file\n handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT\n Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215\n SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors\n (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be\n preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() memory leak\n (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix\n reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064\n (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq\n handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume\n (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for\n the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add 
ACER_CAP_SET_FUNCTION_MODE\n capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module\n parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE\n on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device\n handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines\n (git-fixes).\n\n - platform/x86: intel-hid: Support Lenovo ThinkPad X1\n Tablet Gen 2 (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events\n (git-fixes).\n\n - platform/x86: thinkpad_acpi: Allow the FnLock LED to\n change state (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till\n fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with\n usage counter (bsc#1183366).\n\n - PM: runtime: Fix ordering in pm_runtime_get_suppliers()\n (git-fixes).\n\n - PM: runtime: Fix race getting/putting suppliers at probe\n (git-fixes).\n\n - post.sh: Return an error when module update fails\n (bsc#1047233 bsc#1184388).\n\n - powerpc/64s: Fix instruction encoding for lis in\n ppc_function_entry() (bsc#1065729).\n\n - powerpc/book3s64/radix: Remove WARN_ON in\n destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pmem: Include pmem prototypes (bsc#1113295\n git-fixes).\n\n - powerpc/pseries/mobility: handle premature return from\n H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state\n (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/ras: Remove unused variable 'status'\n (bsc#1065729).\n\n - powerpc/sstep: Check instruction validity against ISA\n version before emulation (bsc#1156395).\n\n - powerpc/sstep: Fix darn emulation (bsc#1156395).\n\n - powerpc/sstep: Fix incorrect return from analyze_instr()\n (bsc#1156395).\n\n - powerpc/sstep: Fix load-store and update emulation\n (bsc#1156395).\n\n - printk: fix deadlock when kernel panic 
(bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after\n setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous\n clk_unprepare() (git-fixes).\n\n - qlcnic: fix error return code in\n qlcnic_83xx_restart_hw() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id\n (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RAS/CEC: Correct ce_add_elem()'s returned values\n (bsc#1152489).\n\n - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced\n NUMA nodes (bsc#1169709)\n\n - regulator: bd9571mwv: Fix AVS and DVFS voltage range\n (git-fixes).\n\n - Revert 'net: bonding: fix error return code of\n bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store\n functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore\n Added by 3b15cdc15956 (tracing: move function tracer\n options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: Also ignore AS_VERSION\n added in 5.12.\n\n - rpm/check-for-config-changes: comment on the list To\n explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an\n array So that we can reuse it in both seds. 
This also\n introduces IGNORED_CONFIGS_RE array which can be easily\n extended.\n\n - rpm/check-for-config-changes: define ignores more\n strictly * search for whole words, so make wildcards\n explicit * use ' for quoting * prepend CONFIG_\n dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: sort the ignores They are\n growing so to make them searchable by humans.\n\n - rpm/kernel-binary.spec.in: Fix dependency of\n kernel-*-devel package (bsc#1184514) The devel package\n requires the kernel binary package itself for building\n modules externally.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP\n (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread\n (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver\n unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer\n allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during\n teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers\n (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion\n (git-fixes).\n\n - s390/vtime: fix increased steal time accounting\n (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock\n (bsc#1155518).\n\n - scsi: ibmvfc: Fix invalid state machine BUG_ON()\n (bsc#1184647 ltc#191231).\n\n - scsi: lpfc: Change wording of invalid pci reset log\n message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to\n ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes\n (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot\n (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt 
discovery\n recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed\n node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building\n target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer\n dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in\n lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN\n (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after\n LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod\n hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors\n (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request\n (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry()\n error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in\n lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb\n (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in\n lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports\n (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8\n changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8\n (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg()\n (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in\n pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16\n bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is\n no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt\n failed (bsc#1155518).\n\n - selinux: fix error initialization in\n inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in 
sel_ib_pkey_sid_slow()\n (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID\n error handling (git-fixes).\n\n - smb3: add dynamic trace point to trace when credits\n obtained (bsc#1181507).\n\n - smb3: fix crediting for compounding when only one\n request in flight (bsc#1181507).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate()\n (bsc#1183540).\n\n - soc/fsl: qbman: fix conflicting alignment attributes\n (git-fixes).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible\n (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks\n (bsc#1183750).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - thermal/core: Add NULL pointer check before using\n cooling device stats (git-fixes).\n\n - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552\n bsc#1183598)\n\n - USB: cdc-acm: downgrade message to debug (git-fixes).\n\n - USB: cdc-acm: fix double free on probe failure\n (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure\n (git-fixes).\n\n - USB: cdc-acm: untangle a circular dependency between\n callback and softint (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960\n board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection\n flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed\n interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1\n (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount\n decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state\n (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free\n (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable\n (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint\n max_packet_size 
by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix\n null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code\n (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx\n (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket\n (git-fixes).\n\n - USBip: fix stub_dev usbip_sockfd_store() races leading\n to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf\n (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket\n (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf\n (git-fixes).\n\n - USBip: tools: fix build error for multiple definition\n (git-fixes).\n\n - USBip: vhci_hcd fix shift out-of-bounds in\n vhci_hub_control() (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64\n (git-fixes).\n\n - USB: quirks: ignore remote wake-up on Fibocom L850-GL\n LTE modem (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe\n with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by\n definition (git-fixes).\n\n - USB: serial: ch341: add new Product ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air\n Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs\n (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler\n (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in\n edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic\n unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for\n tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected\n (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts\n (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA\n addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 
0.96 xHCI\n (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871\n ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages()\n (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe\n (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest\n memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister\n (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP\n packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon\n (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams\n (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx\n (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task\n (bsc#1152489).\n\n - x86: Introduce TS_COMPAT_RESTART to fix\n get_nr_restart_syscall() (bsc#1152489).\n\n - x86/ioapic: Ignore IRQ2 again (bsc#1152489).\n\n - x86/mem_encrypt: Correct physical address calculation in\n __set_clr_pte_enc() (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at\n the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi\n is pending (git-fixes).\n\n - xen/events: fix setting irq affinity (bsc#1184583).\n\n - xen/events: reset affinity of 2-level event when tearing\n it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis\n (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return value\n (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota\n enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to\n uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal\n (git-fixes).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184647\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-extra-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"gfs2-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-debugsource-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-devel-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-devel-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-extra-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-extra-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-debugsource-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-devel-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-extra-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-extra-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kselftests-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cluster-md-kmp-rt / cluster-md-kmp-rt-debuginfo / dlm-kmp-rt / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-18T14:40:30", "description": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 
leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages 
(bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1211-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1211-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/148698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1211-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148698);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\"CVE-2019-18814\", \"CVE-2019-19769\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27815\", \"CVE-2020-35519\", \"CVE-2020-36310\", \"CVE-2020-36311\", \"CVE-2020-36312\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28375\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29154\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-30002\", \"CVE-2021-3428\", \"CVE-2021-3444\", \"CVE-2021-3483\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1211-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed 
attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did\nnot prevent user applications from sending kernel RPC messages\n(bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an 
out-of-bounds memory access in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire\nfunction (bsc#1159280).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in\naa_audit_rule_init() (bsc#1156256).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsystem (bsc#1178181).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (bsc#1184511).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults\n(bsc#1184512).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure\n(bsc#1184509).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop\nthat was continually finding the same bad inode (bsc#1184194).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182552\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183277\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18814/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19769/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27170/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27171/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36310/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36311/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28375/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28950/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28972/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-30002/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3444/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3483/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211211-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f6d73a2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper 
patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1211=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", 
sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-18T14:41:00", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an 
update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26930: Fixed improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\nCVE-2020-29368, CVE-2020-29374: Fixed an issue in copy-on-write 
implementation which could have granted unintended write access (bsc#1179660, bsc#1179428).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-20219: Fixed a denial of service in n_tty_receive_char_special (bsc#1184397).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1210-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-29368", "CVE-2020-29374", "CVE-2020-35519", "CVE-2020-36311", "CVE-2021-20219", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148700", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1210-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148700);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/04/20\");\n\n script_cve_id(\"CVE-2020-0433\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27815\", \"CVE-2020-29368\", \"CVE-2020-29374\", \"CVE-2020-35519\", \"CVE-2020-36311\", \"CVE-2021-20219\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29154\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-30002\", \"CVE-2021-3428\", \"CVE-2021-3444\", \"CVE-2021-3483\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1210-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could 
have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\n(bsc#1179660, bsc#1179428).\n\nCVE-2020-27815: Fixed an issue in 
JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which\ncould have led to local escalation of privilege (bsc#1176720).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-20219: Fixed a denial of service in\nn_tty_receive_char_special (bsc#1184397).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsytem (bsc#1178181).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184494\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27170/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27171/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29368/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36311/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20219/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26931/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26932/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28972/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-30002/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3444/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3483/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211210-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?07418a12\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2021-1210=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.66.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2022-06-18T14:41:00", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors 
such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a retry loop was continually finding the same bad inode (bsc#1184194).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults 
(bsc#1184512).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\nCVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-19T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1238-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2021-04-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", 
"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1238-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1238-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148747);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/21\");\n\n script_cve_id(\"CVE-2019-18814\", \"CVE-2019-19769\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27815\", \"CVE-2020-35519\", \"CVE-2020-36310\", \"CVE-2020-36311\", \"CVE-2020-36312\", \"CVE-2020-36322\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28375\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29154\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-30002\", \"CVE-2021-3428\", \"CVE-2021-3444\", \"CVE-2021-3483\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1238-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP2 kernel 
was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did\nnot prevent user applications from sending kernel RPC messages\n(bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations 
(bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire\nfunction (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in\naa_audit_rule_init() (bsc#1156256).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop\ncontinually was finding the same bad inode (bsc#1184194).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure\n(bsc#1184509 ).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults\n(bsc#1184512).\n\nCVE-2020-25670, 
CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsytem (bsc#1178181).\n\nCVE-2020-36322: Fixed an issue was discovered in FUSE filesystem\nimplementation which could have caused a system crash (bsc#1184211).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183369\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183637\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184176\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18814/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-19769/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27170/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27171/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36310/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36311/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36322/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28375/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28950/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28972/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29647/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-30002/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3444/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3483/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211238-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4eff8d90\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE MicroOS 5.0 :\n\nzypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1238=1\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1238=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.61.1.9.26.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", 
reference:\"kernel-preempt-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.61.1.9.26.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.61.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-18T14:41:47", "description": "The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various 
security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) 
(bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. 
This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. 
This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1624-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2021-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1624-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149717", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1624-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149717);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/24\");\n\n script_cve_id(\"CVE-2020-0433\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27673\", \"CVE-2020-27815\", \"CVE-2020-35519\", \"CVE-2020-36310\", \"CVE-2020-36311\", \"CVE-2020-36312\", \"CVE-2020-36322\", \"CVE-2021-20219\", \"CVE-2021-26931\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-3428\", \"CVE-2021-3444\", \"CVE-2021-3483\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1624-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) 
because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed\na set_memory_region_test infinite loop for certain nested page faults\n(bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed\nattackers to cause a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (which requires unregistering many\nencrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate 
situations, could have caused a system crash. NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could\nhave caused a denial of service because of a lack of locking on an\nextent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle\nmod32 destination register truncation when the source register was\nknown to be 0. A local attacker with the ability to load bpf programs\ncould use this gain out-of-bounds reads in kernel memory leading to\ninformation disclosure (kernel memory), and possibly out-of-bounds\nwrites that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in\nintel_pmu_drain_pebs_nhm where userspace applications can cause a\nsystem crash because the PEBS status in a PEBS record is mishandled\n(bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers\nsuch that subsequent cleanup code wouldn't use uninitialized or stale\nvalues. This initialization went too far and may under certain\nconditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. 
The\nleak in turn would prevent fully cleaning up after a respective guest\nhas died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in\nnet/qrtr/qrtr.c that allowed attackers to obtain sensitive information\nfrom kernel memory because of a partially uninitialized data structure\n(bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an\noff-by-one error (with a resultant integer underflow) affecting\nout-of-bounds speculation on pointer arithmetic, leading to\nside-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed\nundesirable out-of-bounds speculation on pointer arithmetic, leading\nto side-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory. 
This affects pointer types\nthat do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent\n(bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree\n(bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. 
When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27170/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27171/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36310/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36311/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36322/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2021-20219/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28950/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28972/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29650/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2021-30002/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3444/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3483/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211624-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38d85273\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1624=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1624=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1624=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1624=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1624=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1624=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1624=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1624=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1624=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch 
SUSE-SLE-Product-HA-15-SP1-2021-1624=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-1624=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.89.2\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.89.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:42:09", "description": "The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. 
NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. 
The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. 
When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1596-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2021-05-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", 
"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1596-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1596-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149491);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/18\");\n\n script_cve_id(\"CVE-2020-0433\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27673\", \"CVE-2020-27815\", \"CVE-2020-35519\", \"CVE-2020-36310\", \"CVE-2020-36311\", \"CVE-2020-36312\", \"CVE-2020-36322\", \"CVE-2021-20219\", \"CVE-2021-26931\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-3428\", \"CVE-2021-3444\", \"CVE-2021-3483\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1596-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed 
:\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed\na set_memory_region_test infinite loop for certain nested page faults\n(bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed\nattackers to cause a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (which requires unregistering many\nencrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h 
where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, could have caused a system crash. NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could\nhave caused a denial of service because of a lack of locking on an\nextent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle\nmod32 destination register truncation when the source register was\nknown to be 0. A local attacker with the ability to load bpf programs\ncould use this gain out-of-bounds reads in kernel memory leading to\ninformation disclosure (kernel memory), and possibly out-of-bounds\nwrites that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in\nintel_pmu_drain_pebs_nhm where userspace applications can cause a\nsystem crash because the PEBS status in a PEBS record is mishandled\n(bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers\nsuch that subsequent cleanup code wouldn't use uninitialized or stale\nvalues. 
This initialization went too far and may under certain\nconditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The\nleak in turn would prevent fully cleaning up after a respective guest\nhas died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. 
This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in\nnet/qrtr/qrtr.c that allowed attackers to obtain sensitive information\nfrom kernel memory because of a partially uninitialized data structure\n(bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an\noff-by-one error (with a resultant integer underflow) affecting\nout-of-bounds speculation on pointer arithmetic, leading to\nside-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed\nundesirable out-of-bounds speculation on pointer arithmetic, leading\nto side-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory. This affects pointer types\nthat do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent\n(bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. 
NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree\n(bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27170/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27171/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27815/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36310/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36311/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36312/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36322/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20219/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28950/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28972/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29154/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29155/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29650/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-30002/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3444/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3483/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211596-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a2d3ed3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1596=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-1596=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1596=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1596=1\n\nSUSE Linux Enterprise Live Patching 12-SP4 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1596=1\n\nSUSE 
Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2021-1596=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.74.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:42:36", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full 
memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the ker