Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

2020-10-06T20:44:37

Description

## Summary IBM Security Guardium has addressed the following vulnerabilities. ## Vulnerability Details ** CVEID: **[CVE-2018-16871](<https://vulners.com/cve/CVE-2018-16871>) ** DESCRIPTION: **A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162047>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM Security Guardium| 11.0 ## Remediation/Fixes **Product** | **VRMF** | **Remediation / First Fix** ---|---|--- IBM Security Guardium| 11.0| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm>)/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p12_Bundle_Nov-05-2019&includeSupersedes=0&source=fc ## Workarounds and Mitigations None ##

Affected Software

CPE Name	Name	Version
	ibm security guardium	11.0

{"id": "270E7F8D6C0BA0C052D17A0F1714E8401CE49A076E5AA43582D8DA42ACFE3121", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities", "description": "## Summary\n\nIBM Security Guardium has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-16871](<https://vulners.com/cve/CVE-2018-16871>) \n** DESCRIPTION: **A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162047>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Guardium| 11.0 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Security Guardium| 11.0| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm>)/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p12_Bundle_Nov-05-2019&includeSupersedes=0&source=fc \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2020-10-06T20:44:37", "modified": "2020-10-06T20:44:37", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://www.ibm.com/support/pages/node/1106139", "reporter": "IBM", "references": [], "cvelist": ["CVE-2018-16871"], "immutableFields": [], "lastseen": "2023-02-24T01:36:54", "viewCount": 45, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2019:1873"]}, {"type": "cve", "idList": ["CVE-2018-16871"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16871"]}, {"type": "f5", "idList": ["F5:K18657134"]}, {"type": "ibm", "idList": ["4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2020-1769.NASL", "CENTOS_RHSA-2019-1873.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "EULEROS_SA-2020-1269.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_10_10.NASL", "NUTANIX_NXSA-AOS-5_11_2_1.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "OPENSUSE-2019-1716.NASL", "OPENSUSE-2019-1757.NASL", "ORACLELINUX_ELSA-2019-1873.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "REDHAT-RHSA-2019-1873.NASL", "REDHAT-RHSA-2019-1891.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2730.NASL", "REDHAT-RHSA-2020-0740.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "SL_20190729_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-1744-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-2430-1.NASL", "VIRTUOZZO_VZA-2019-064.NASL", "VIRTUOZZO_VZA-2019-068.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852611", "OPENVAS:1361412562310852917", "OPENVAS:1361412562310883095", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220191926", "OPENVAS:1361412562311220201269"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1873", "ELSA-2019-4746", "ELSA-2020-1769"]}, {"type": "redhat", "idList": ["RHSA-2019:1873", "RHSA-2019:1891", "RHSA-2019:2696", "RHSA-2019:2730", "RHSA-2020:0740", "RHSA-2020:1567", "RHSA-2020:1769"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-16871"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16871"]}, {"type": "veracode", "idList": ["VERACODE:20974"]}, {"type": "virtuozzo", "idList": ["VZA-2019-064", "VZA-2019-068"]}]}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2019:1873"]}, {"type": "cve", "idList": ["CVE-2018-16871"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16871"]}, {"type": "f5", "idList": ["F5:K18657134"]}, {"type": "ibm", "idList": ["4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2018-16871/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2019-1873.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-1926.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "OPENSUSE-2019-1716.NASL", "OPENSUSE-2019-1757.NASL", "ORACLELINUX_ELSA-2019-1873.NASL", "ORACLELINUX_ELSA-2019-4746.NASL", "REDHAT-RHSA-2019-1873.NASL", "REDHAT-RHSA-2019-1891.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2730.NASL", "SL_20190729_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-1744-1.NASL", "SUSE_SU-2019-1829-1.NASL", "SUSE_SU-2019-1851-1.NASL", "SUSE_SU-2019-1855-1.NASL", "SUSE_SU-2019-2430-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852611"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1873"]}, {"type": "redhat", "idList": ["RHSA-2019:2696"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1716-1", "OPENSUSE-SU-2019:1757-1"]}, {"type": "symantec", "idList": ["SMNTC-111284"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16871"]}, {"type": "virtuozzo", "idList": ["VZA-2019-064", "VZA-2019-068"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "ibm security guardium", "version": 11}]}, "epss": [{"cve": "CVE-2018-16871", "epss": "0.007780000", "percentile": "0.786190000", "modified": "2023-03-18"}], "vulnersScore": 0.4}, "_state": {"dependencies": 1677202661, "score": 1684013037, "affected_software_major_version": 1677355290, "epss": 1679165106}, "_internal": {"score_hash": "494f1e2a6d856b9757414458142c6430"}, "affectedSoftware": [{"version": "11.0", "operator": "eq", "name": "ibm security guardium"}]}

{"cve": [{"lastseen": "2023-06-23T14:37:30", "description": "A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-30T17:15:00", "type": "cve", "title": "CVE-2018-16871", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871"], "modified": "2023-02-12T23:32:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:redhat:mrg_realtime:2.0", "cpe:/o:netapp:h300e_firmware:-", "cpe:/o:netapp:h500s_firmware:-", "cpe:/o:redhat:enterprise_linux_server_tus:7.4", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:linux:linux_kernel:4.20", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:netapp:h700e_firmware:-", "cpe:/o:netapp:h500e_firmware:-", "cpe:/a:netapp:cloud_backup:-", "cpe:/o:netapp:h410c_firmware:-", "cpe:/o:netapp:h700s_firmware:-", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_eus:7.4", "cpe:/o:netapp:h410s_firmware:-", "cpe:/a:redhat:developer_tools:1.0", "cpe:/o:netapp:h300s_firmware:-"], "id": "CVE-2018-16871", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16871", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:mrg_realtime:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.20:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2023-04-18T13:48:07", "description": "kernel is vulnerable to denial of service. A NULL pointer dereference due to an anomalized NFS message sequence allows an attacker to cause a panic in the system and deny access to the NFS server.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-05T00:16:14", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871"], "modified": "2023-02-13T01:46:51", "id": "VERACODE:20974", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-20974/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-06-23T20:28:48", "description": "A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-09T10:13:43", "type": "redhatcve", "title": "CVE-2018-16871", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871"], "modified": "2023-05-12T21:24:01", "id": "RH:CVE-2018-16871", "href": "https://access.redhat.com/security/cve/cve-2018-16871", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "virtuozzo": [{"lastseen": "2023-06-23T14:46:44", "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-957.12.2.vz7.96.21 (Virtuozzo 7.0.11 and Virtuozzo Infrastructure Platform 3.0).\n**Vulnerability id:** CVE-2018-16871\nnfs: NULL pointer dereference due to an anomalized NFS message sequence. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-13T00:00:00", "type": "virtuozzo", "title": "Kernel security update: Virtuozzo ReadyKernel patch 85.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 3.0", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871"], "modified": "2019-08-13T00:00:00", "id": "VZA-2019-064", "href": "https://help.virtuozzo.com/s/article/VZA-2019-064", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-25T03:19:11", "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-693.17.1.vz7.43.10 (Virtuozzo 7.0.7), 3.10.0-693.21.1.vz7.46.7 (Virtuozzo 7.0.7 HF2), 3.10.0-693.21.1.vz7.48.2 (Virtuozzo 7.0.7 HF3), 3.10.0-862.9.1.vz7.63.3 (Virtuozzo 7.0.8), 3.10.0-862.11.6.vz7.64.7 (Virtuozzo 7.0.8 HF1), 3.10.0-862.20.2.vz7.73.24 (Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-862.20.2.vz7.73.29 (Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-957.10.1.vz7.85.17 (Virtuozzo 7.0.10), 3.10.0-957.12.2.vz7.86.2 (Virtuozzo 7.0.10 HF1).\n**Vulnerability id:** CVE-2019-11477\ntcp: integer overflow while processing SACK blocks allows remote denial of service. An integer overflow was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service.\n\n**Vulnerability id:** CVE-2018-16871\nnfs: NULL pointer dereference due to an anomalized NFS message sequence. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-20T00:00:00", "type": "virtuozzo", "title": "Important kernel security update: Virtuozzo ReadyKernel patch 85.0 for Virtuozzo 7.0.7 to 7.0.10 HF1 and Virtuozzo Infrastructure Platform 2.5", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871", "CVE-2019-11477"], "modified": "2019-08-20T00:00:00", "id": "VZA-2019-068", "href": "https://help.virtuozzo.com/s/article/VZA-2019-068", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-06-23T14:39:03", "description": "A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-30T17:15:00", "type": "debiancve", "title": "CVE-2018-16871", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871"], "modified": "2019-07-30T17:15:00", "id": "DEBIANCVE:CVE-2018-16871", "href": "https://security-tracker.debian.org/tracker/CVE-2018-16871", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:39:53", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-10-07T19:16:00", "type": "f5", "title": "Linux kernel vulnerability CVE-2018-16871", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16871"], "modified": "2019-10-07T19:16:00", "id": "F5:K18657134", "href": "https://support.f5.com/csp/article/K18657134", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:55:53", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :\n\n - nfs: NULL pointer dereference due to an anomalized NFS message sequence. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-064.NASL", "href": "https://www.tenable.com/plugins/nessus/133457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133457);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-16871\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-064)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerability :\n\n - nfs: NULL pointer dereference due to an anomalized NFS\n message sequence. An attacker, who is able to mount an\n exported NFS filesystem, is able to trigger a null\n pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server\n will be lost.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-064\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61420692\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.96.21\",\n \"patch\",\"readykernel-patch-96.21-85.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:11", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - tcp: integer overflow while processing SACK blocks allows remote denial of service. An integer overflow was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service.\n\n - nfs: NULL pointer dereference due to an anomalized NFS message sequence. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-11477"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-068.NASL", "href": "https://www.tenable.com/plugins/nessus/133458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133458);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2019-11477\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-068)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - tcp: integer overflow while processing SACK blocks\n allows remote denial of service. An integer overflow\n was found in the way the Linux kernel's networking\n subsystem processed TCP Selective Acknowledgment (SACK)\n segments. While processing SACK segments, the Linux\n kernel's socket buffer (SKB) data structure becomes\n fragmented. Each fragment is about TCP maximum segment\n size (MSS) bytes. To efficiently process SACK blocks,\n the Linux kernel merges multiple fragmented SKBs into\n one, potentially overflowing the variable holding the\n number of segments. A remote attacker could use this\n flaw to crash the Linux kernel by sending a crafted\n sequence of SACK segments on a TCP connection with\n small value of TCP MSS, resulting in a denial of\n service.\n\n - nfs: NULL pointer dereference due to an anomalized NFS\n message sequence. An attacker, who is able to mount an\n exported NFS filesystem, is able to trigger a null\n pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server\n will be lost.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-068\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-43.10-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f75313dd\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-46.7-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6382ef0\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fce0b0f5\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1193994a\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0f897ef\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f4cb69c\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e46c367\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a97adc25\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-85.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34a0ef2a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.17.1.vz7.43.10\",\n \"patch\",\"readykernel-patch-43.10-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.46.7\",\n \"patch\",\"readykernel-patch-46.7-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.11.6.vz7.64.7\",\n \"patch\",\"readykernel-patch-63.3-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.24\",\n \"patch\",\"readykernel-patch-64.7-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.29\",\n \"patch\",\"readykernel-patch-73.24-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.9.1.vz7.63.3\",\n \"patch\",\"readykernel-patch-73.29-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.10.1.vz7.85.17\",\n \"patch\",\"readykernel-patch-85.17-85.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.86.2\",\n \"patch\",\"readykernel-patch-86.2-85.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:39", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThis update adds support for the Hygon Dhyana CPU (fate#327735).\n\nThe following security bugs were fixed :\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).\n\nCVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed. (bnc#1137103).\n\nCVE-2019-12817: On the PowerPC architecture, local attackers could access other users processes memory (bnc#1138263).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-05T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1744-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-12614", "CVE-2019-12817"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-debug", "p-cpe:/a:novell:suse_linux:kernel-debug-base", "p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-debug-devel", "p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1744-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126499", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1744-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126499);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2019-12614\", \"CVE-2019-12817\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1744-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThis update adds support for the Hygon Dhyana CPU (fate#327735).\n\nThe following security bugs were fixed :\n\nCVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in\narch/powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup\nof prop->name, which might allow an attacker to cause a denial of\nservice (NULL pointer dereference and system crash) (bnc#1137194).\n\nCVE-2018-16871: A NULL pointer dereference due to an anomalized NFS\nmessage sequence was fixed. (bnc#1137103).\n\nCVE-2019-12817: On the PowerPC architecture, local attackers could\naccess other users processes memory (bnc#1138263).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16871/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12614/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-12817/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191744-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2c9bf18\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch\nSUSE-SLE-Product-WE-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Legacy-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1744=1\n\nSUSE Linux Enterprise High Availability 15-SP1:zypper in -t patch\nSUSE-SLE-Product-HA-15-SP1-2019-1744=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12817\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:09", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s) :\n\nThese updated kernel packages include also numerous bug fixes and add several enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https:// access.redhat.com/articles/4309211", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:1873)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1873.NASL", "href": "https://www.tenable.com/plugins/nessus/127618", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1873. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127618);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1873\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:1873)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS\nmessage sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s) :\n\nThese updated kernel packages include also numerous bug fixes and add\nseveral enhancements. Space precludes documenting all of the bug fixes\nin this advisory. See the descriptions in the related Knowledge\nArticle: https:// access.redhat.com/articles/4309211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/4309211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11811\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2019-11085\", \"CVE-2019-11811\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1873\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1873\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:42", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s) :\n\nThese updated kernel packages include also numerous bug fixes and add several enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https:// access.redhat.com/articles/4309211", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2019:1873)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel"], "id": "CENTOS_RHSA-2019-1873.NASL", "href": "https://www.tenable.com/plugins/nessus/127469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1873 and \n# CentOS Errata and Security Advisory 2019:1873 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127469);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1873\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2019:1873)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS\nmessage sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) and Enhancement(s) :\n\nThese updated kernel packages include also numerous bug fixes and add\nseveral enhancements. Space precludes documenting all of the bug fixes\nin this advisory. See the descriptions in the related Knowledge\nArticle: https:// access.redhat.com/articles/4309211\");\n # https://lists.centos.org/pipermail/centos-announce/2019-July/023374.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8757c05d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.27.2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:18", "description": "Security Fix(es) :\n\n - kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20190729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190729_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/127726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127726);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2019-11085\", \"CVE-2019-11811\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190729)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - kernel: nfs: use-after-free in svc_process_common()\n (CVE-2018-16884)\n\n - kernel: insufficient input validation in kernel mode\n driver in Intel i915 graphics leads to privilege\n escalation (CVE-2019-11085)\n\n - kernel: nfs: NULL pointer dereference due to an\n anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: use-after-free in\n drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c,\n ipmi_si_port_io.c (CVE-2019-11811)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1907&L=SCIENTIFIC-LINUX-ERRATA&P=10631\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8234bf94\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.27.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.27.2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:19", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1873 advisory.\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after- free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2019-1873)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-1873.NASL", "href": "https://www.tenable.com/plugins/nessus/127603", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-1873.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127603);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1873\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-1873)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-1873 advisory.\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to\n 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-\n free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0\n may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-1873.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-957.27.2.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-1873');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-957.27.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:20", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.6.z batch#6 source tree (BZ#1718400)", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2019:1891)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-1891.NASL", "href": "https://www.tenable.com/plugins/nessus/127623", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1891. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127623);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1891\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:1891)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS\nmessage sequence (CVE-2018-16871)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.6.z batch#6 source tree (BZ#1718400)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-11811\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11811\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2019-11085\", \"CVE-2019-11811\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1891\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1891\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:38", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* fragmented packets timing out (BZ#1729411)\n\n* kernel build: speed up debuginfo extraction (BZ#1731462)\n\n* TCP packets are segmented when sent to the VM (TAP) (BZ#1732744)\n\n* TCP packets are segmented when sent to the VLAN device when coming from VXLAN dev. (BZ#1732809)\n\n* skb head copy occurs when sending traffic over OVS managed VXLAN tunnel (BZ #1733626)\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734160)\n\n* use 'make -jN' for modules_install (BZ#1735081)\n\n* shmem: consider shm_mnt as a long-term mount (BZ#1737376)\n\n* [ESXi][RHEL7]use-after-free of scsi_cmnd on VMware virtual guest with vmw_pvscsi and ata_piix (BZ#1737377)\n\n* Backport TCP follow-up for small buffers (BZ#1739127)", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:2696)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13405", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-9568", "CVE-2019-1125"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.4"], "id": "REDHAT-RHSA-2019-2696.NASL", "href": "https://www.tenable.com/plugins/nessus/128662", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2696. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128662);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-9568\",\n \"CVE-2018-13405\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-1125\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2696\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:2696)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.4\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning\n(CVE-2018-9568)\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not\nclear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS\nmessage sequence (CVE-2018-16871)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* fragmented packets timing out (BZ#1729411)\n\n* kernel build: speed up debuginfo extraction (BZ#1731462)\n\n* TCP packets are segmented when sent to the VM (TAP) (BZ#1732744)\n\n* TCP packets are segmented when sent to the VLAN device when coming\nfrom VXLAN dev. (BZ#1732809)\n\n* skb head copy occurs when sending traffic over OVS managed VXLAN\ntunnel (BZ #1733626)\n\n* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734160)\n\n* use 'make -jN' for modules_install (BZ#1735081)\n\n* shmem: consider shm_mnt as a long-term mount (BZ#1737376)\n\n* [ESXi][RHEL7]use-after-free of scsi_cmnd on VMware virtual guest\nwith vmw_pvscsi and ata_piix (BZ#1737377)\n\n* Backport TCP follow-up for small buffers (BZ#1739127)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/4329821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-9568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-1125\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.4\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-13405\", \"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2018-9568\", \"CVE-2019-1125\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2696\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2696\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"kernel-abi-whitelists-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"kernel-doc-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"perf-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-693.58.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:09", "description": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Backport TCP follow-up for small buffers [mrg-r] (BZ#1732110)\n\n* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1734469)", "cvss3": {}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "RHEL 6 : MRG (RHSA-2019:2730)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13405", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-9568", "CVE-2019-1125"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-2730.NASL", "href": "https://www.tenable.com/plugins/nessus/128854", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2730. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128854);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-9568\",\n \"CVE-2018-13405\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2019-1125\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2730\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2019:2730)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: Memory corruption due to incorrect socket cloning\n(CVE-2018-9568)\n\n* kernel: Missing check in fs/inode.c:inode_init_owner() does not\nclear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)\n\n* kernel: nfs: NULL pointer dereference due to an anomalized NFS\nmessage sequence (CVE-2018-16871)\n\n* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Backport TCP follow-up for small buffers [mrg-r] (BZ#1732110)\n\n* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1734469)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/4329821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-9568\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-1125\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-13405\", \"CVE-2018-16871\", \"CVE-2018-16884\", \"CVE-2018-9568\", \"CVE-2019-1125\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:2730\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2730\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.0-693.58.1.rt56.652.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:33", "description": "The openSUSE Leap 15.0 was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-10638: A device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575).\n\n - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed.\n This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping).\n For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).\n\n - CVE-2018-20836: There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).\n\n - CVE-2019-10126: A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences (bnc#1136935).\n\n - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).\n\n - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c where there was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).\n\n - CVE-2018-16871: A flaw was found in NFS where an attacker who is able to mount an exported NFS filesystem was able to trigger a NULL pointer dereference by an invalid NFS sequence. (bnc#1137103).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: Off by one handling ->nexthdr (bsc#1051510).\n\n - added De0-Nanos-SoC board support (and others based on Altera SOC).\n\n - Add sample kernel-default-base spec file (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - Add sample kernel-default-base spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - af_key: unconditionally clone on broadcast (bsc#1051510).\n\n - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).\n\n - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).\n\n - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).\n\n - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).\n\n - alsa: line6: Fix write on zero-sized buffer (bsc#1051510).\n\n - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510).\n\n - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).\n\n - apparmor: enforce nullbyte at end of tag string (bsc#1051510).\n\n - audit: fix a memory leak bug (bsc#1051510).\n\n - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).\n\n - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).\n\n - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771).\n\n - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).\n\n - can: af_can: Fix error path of can_init() (bsc#1051510).\n\n - can: flexcan: fix timeout when set small bitrate (bsc#1051510).\n\n - can: purge socket error queue on sock destruct (bsc#1051510).\n\n - ceph: flush dirty inodes before proceeding with remount (bsc#1140405).\n\n - cfg80211: fix memory leak of wiphy device name (bsc#1051510).\n\n - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510).\n\n - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).\n\n - coresight: etb10: Fix handling of perf mode (bsc#1051510).\n\n - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).\n\n - cpu/topology: Export die_id (jsc#SLE-5454).\n\n - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401).\n\n - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).\n\n - crypto: user - prevent operating on larval algorithms (bsc#1133401).\n\n - device core: Consolidate locking and unlocking of parent and device (bsc#1106383).\n\n - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).\n\n - dm, dax: Fix detection of DAX support (bsc#1139782).\n\n - doc: Cope with the deprecation of AutoReporter (bsc#1051510).\n\n - Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751).\n\n - Do not provide kernel-default-srchash from kernel-default-base.\n\n - Do not restrict NFSv4.2 on openSUSE (bsc#1138719).\n\n - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383).\n\n - driver core: Probe devices asynchronously instead of the driver (bsc#1106383).\n\n - drivers/base: Introduce kill_device() (bsc#1139865).\n\n - drivers/base: kABI fixes for struct device_private (bsc#1106383).\n\n - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510).\n\n - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).\n\n - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).\n\n - drivers: thermal: tsens: Do not print error message on\n -EPROBE_DEFER (bsc#1051510).\n\n - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).\n\n - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).\n\n - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).\n\n - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995).\n\n - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995 fate#323487).\n\n - genirq: Prevent use-after-free and work list corruption (bsc#1051510).\n\n - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510).\n\n - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).\n\n - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).\n\n - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).\n\n - hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735).\n\n - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).\n\n - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735).\n\n - hwmon: (k10temp) Add support for family 17h (FATE#327735).\n\n - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735).\n\n - hwmon: (k10temp) Add support for temperature offsets (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735).\n\n - hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735).\n\n - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).\n\n - hwmon: (k10temp) Fix reading critical temperature register (FATE#327735).\n\n - hwmon: (k10temp) Make function get_raw_temp static (FATE#327735).\n\n - hwmon: (k10temp) Move chip specific code into probe function (FATE#327735).\n\n - hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735).\n\n - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735).\n\n - hwmon: k10temp: Support Threadripper 2920X, 2970WX;\n simplify offset table (FATE#327735).\n\n - hwmon: (k10temp) Use API function to access System Management Network (FATE#327735).\n\n - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs ().\n\n - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735).\n\n - i2c: acorn: fix i2c warning (bsc#1135642).\n\n - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).\n\n - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).\n\n - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).\n\n - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).\n\n - Install extra rpm scripts for kernel subpackaging (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - Install extra rpm scripts for kernel subpackaging (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - kabi fixup blk_mq_register_dev() (bsc#1140637).\n\n - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).\n\n - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).\n\n - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).\n\n - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).\n\n - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).\n\n - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).\n\n - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).\n\n - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).\n\n - mac80211: drop robust management frames from unknown TA (bsc#1051510).\n\n - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).\n\n - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).\n\n - mISDN: make sure device name is NUL terminated (bsc#1051510).\n\n - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).\n\n - module: Fix livepatch/ftrace module text permissions race (bsc#1071995).\n\n - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487).\n\n - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).\n\n - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).\n\n - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).\n\n - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).\n\n - nfit/ars: Avoid stale ARS results (jsc#SLE-5433).\n\n - nfit/ars: Introduce scrub_flags (jsc#SLE-5433).\n\n - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).\n\n - nvme: copy MTFA field from identify controller (bsc#1140715).\n\n - nvme-rdma: fix double freeing of async event data (bsc#1120423).\n\n - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).\n\n - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).\n\n - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).\n\n - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).\n\n - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).\n\n - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).\n\n - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).\n\n - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454).\n\n - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).\n\n - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).\n\n - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).\n\n - ppp: mppe: Add softdep to arc4 (bsc#1088047).\n\n - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).\n\n - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).\n\n - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).\n\n - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).\n\n - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).\n\n - ras/CEC: Convert the timer callback to a workqueue (bsc#1114279).\n\n - ras/CEC: Fix binary search function (bsc#1114279).\n\n - Refresh patches.fixes/scsi-Introduce-scsi_start_queue.patch (bsc#1119532).\n\n - Remove the previous subpackage infrastructure. This partially reverts commit 9b3ca32c11854156b2f950ff5e26131377d8445e ('Add kernel-subpackage-build.spec (FATE#326579).')\n\n - Replace the bluetooth fix with the upstream commit (bsc#1135556)\n\n - Revert 'Drop multiversion(kernel) from the KMP template ()' (bsc#1109137).\n\n - Revert 'Drop multiversion(kernel) from the KMP template (fate#323189)' (bsc#1109137). This reverts commit 71504d805c1340f68715ad41958e5ef35da2c351.\n\n - Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).'\n\n - Revert 'KMPs: provide and conflict a kernel version specific KMP name'\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP template ()''\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP template (fate#323189)'' This feature was requested for SLE15 but aws reverted in packaging and master.\n\n - Revert 's390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).'\n\n - Revert 'Sign non-x86 kernels when possible (boo#1134303)' This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681.\n\n - Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133).\n\n - rpm: Add arm64 dtb-allwinner subpackage 4.10 added arch/arm64/boot/dts/allwinner/.\n\n - rpm: Add arm64 dtb-zte subpackage 4.9 added arch/arm64/boot/dts/zte/.\n\n - rpm/kernel-binary.spec.in: Add back kernel-binary-base subpackage (jsc#SLE-3853).\n\n - rpm/kernel-binary.spec.in: Build livepatch support in SUSE release projects (bsc#1124167).\n\n - rpm/kernel-subpackage-build: handle arm kernel zImage.\n\n - rpm/kernel-subpackage-spec: only provide firmware actually present in subpackage.\n\n - rpm/package-descriptions: fix typo in kernel-azure\n\n - rpm/post.sh: correct typo in err msg (bsc#1137625)\n\n - s390/dasd: fix using offset into zero size array error (bsc#1051510).\n\n - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).\n\n - s390/qeth: fix race when initializing the IP address table (bsc#1051510).\n\n - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).\n\n - s390/setup: fix early warning messages (bsc#1051510).\n\n - s390/virtio: handle find on invalid queue gracefully (bsc#1051510).\n\n - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).\n\n - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.\n\n - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes\n\n - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).\n\n - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).\n\n - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).\n\n - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).\n\n - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).\n\n - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).\n\n - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).\n\n - scsi: zfcp: fix missing zfcp_port reference put on\n -EBUSY from port_remove (bsc#1051510).\n\n - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).\n\n - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).\n\n - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).\n\n - smb3: Fix endian warning (bsc#1137884).\n\n - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).\n\n - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).\n\n - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).\n\n - svm: Add warning message for AVIC IPI invalid target (bsc#1140133).\n\n - svm: Fix AVIC incomplete IPI emulation (bsc#1140133).\n\n - sysctl: handle overflow in proc_get_long (bsc#1051510).\n\n - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).\n\n - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).\n\n - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).\n\n - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).\n\n - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).\n\n - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).\n\n - topology: Create package_cpus sysfs attribute (jsc#SLE-5454).\n\n - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).\n\n - Trim build dependencies of sample subpackage spec file (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - Trim build dependencies of sample subpackage spec file (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - tty: max310x: Fix external crystal register setup (bsc#1051510).\n\n - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).\n\n - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).\n\n - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).\n\n - usbnet: ipheth: fix racing condition (bsc#1051510).\n\n - usb: serial: fix initial-termios handling (bsc#1135642).\n\n - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).\n\n - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).\n\n - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).\n\n - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).\n\n - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).\n\n - usb: xhci: avoid NULL pointer deref when bos field is NULL (bsc#1135642).\n\n - vfio: ccw: only free cp on final interrupt (bsc#1051510).\n\n - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).\n\n - x86/amd_nb: Add support for Raven Ridge CPUs ().\n\n - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).\n\n - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).\n\n - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).\n\n - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382).\n\n - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).\n\n - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors ().\n\n - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735).\n\n - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).\n\n - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).\n\n - x86/microcode: Fix microcode hotplug state (bsc#1114279).\n\n - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).\n\n - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).\n\n - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).\n\n - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).\n\n - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).\n\n - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).\n\n - x86/topology: Define topology_die_id() (jsc#SLE-5454).\n\n - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1716)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11599", "CVE-2019-12614"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1716.NASL", "href": "https://www.tenable.com/plugins/nessus/126884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1716.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126884);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2018-20836\", \"CVE-2019-10126\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11599\", \"CVE-2019-12614\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1716)\");\n script_summary(english:\"Check for the openSUSE-2019-1716 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-10638: A device can be tracked by an attacker\n using the IP ID values the kernel produces for\n connection-less protocols (e.g., UDP and ICMP). When\n such traffic is sent to multiple destination IP\n addresses, it is possible to obtain hash collisions (of\n indices to the counter array) and thereby obtain the\n hashing key (via enumeration). An attack may be\n conducted by hosting a crafted web page that uses WebRTC\n or gQUIC to force UDP traffic to attacker-controlled IP\n addresses (bnc#1140575).\n\n - CVE-2019-10639: The Linux kernel allowed Information\n Exposure (partial kernel address disclosure), leading to\n a KASLR bypass. Specifically, it is possible to extract\n the KASLR kernel image offset using the IP ID values the\n kernel produces for connection-less protocols (e.g., UDP\n and ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and thereby\n obtain the hashing key (via enumeration). This key\n contains enough bits from a kernel address (of a static\n variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is exposed.\n This attack can be carried out remotely, by the attacker\n forcing the target device to send UDP or ICMP (or\n certain other) traffic to attacker-controlled IP\n addresses. Forcing a server to send UDP traffic is\n trivial if the server is a DNS server. ICMP traffic is\n trivial if the server answers ICMP Echo requests (ping).\n For client targets, if the target visits the attacker's\n web page, then WebRTC or gQUIC can be used to force UDP\n traffic to attacker-controlled IP addresses. NOTE: this\n attack against KASLR became viable in 4.1 because IP ID\n generation was changed to have a dependency on an\n address associated with a network namespace\n (bnc#1140577).\n\n - CVE-2018-20836: There was a race condition in\n smp_task_timedout() and smp_task_done() in\n drivers/scsi/libsas/sas_expander.c, leading to a\n use-after-free (bnc#1134395).\n\n - CVE-2019-10126: A heap based buffer overflow in\n mwifiex_uap_parse_tail_ies function in\n drivers/net/wireless/marvell/mwifiex/ie.c might lead to\n memory corruption and possibly other consequences\n (bnc#1136935).\n\n - CVE-2019-11599: The coredump implementation in the Linux\n kernel did not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allowed local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c (bnc#1131645\n 1133738).\n\n - CVE-2019-12614: An issue was discovered in\n dlpar_parse_cc_property in\n arch/powerpc/platforms/pseries/dlpar.c where there was\n an unchecked kstrdup of prop->name, which might allow an\n attacker to cause a denial of service (NULL pointer\n dereference and system crash) (bnc#1137194).\n\n - CVE-2018-16871: A flaw was found in NFS where an\n attacker who is able to mount an exported NFS filesystem\n was able to trigger a NULL pointer dereference by an\n invalid NFS sequence. (bnc#1137103).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: Off by one handling ->nexthdr (bsc#1051510).\n\n - added De0-Nanos-SoC board support (and others based on\n Altera SOC).\n\n - Add sample kernel-default-base spec file (FATE#326579,\n jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - Add sample kernel-default-base spec file (jsc#SLE-4117,\n jsc#SLE-3853, bsc#1128910).\n\n - af_key: unconditionally clone on broadcast\n (bsc#1051510).\n\n - alsa: firewire-lib/fireworks: fix miss detection of\n received MIDI messages (bsc#1051510).\n\n - alsa: hda - Force polling mode on CNL for fixing codec\n communication (bsc#1051510).\n\n - alsa: hda/realtek: Add quirks for several Clevo notebook\n barebones (bsc#1051510).\n\n - alsa: hda/realtek - Change front mic location for Lenovo\n M710q (bsc#1051510).\n\n - alsa: line6: Fix write on zero-sized buffer\n (bsc#1051510).\n\n - alsa: seq: fix incorrect order of dest_client/dest_ports\n arguments (bsc#1051510).\n\n - alsa: usb-audio: fix sign unintended sign extension on\n left shifts (bsc#1051510).\n\n - apparmor: enforce nullbyte at end of tag string\n (bsc#1051510).\n\n - audit: fix a memory leak bug (bsc#1051510).\n\n - ax25: fix inconsistent lock state in ax25_destroy_timer\n (bsc#1051510).\n\n - blk-mq: free hw queue's resource in hctx's release\n handler (bsc#1140637).\n\n - block: Fix a NULL pointer dereference in\n generic_make_request() (bsc#1139771).\n\n - bluetooth: Fix faulty expression for minimum encryption\n key size check (bsc#1140328).\n\n - can: af_can: Fix error path of can_init() (bsc#1051510).\n\n - can: flexcan: fix timeout when set small bitrate\n (bsc#1051510).\n\n - can: purge socket error queue on sock destruct\n (bsc#1051510).\n\n - ceph: flush dirty inodes before proceeding with remount\n (bsc#1140405).\n\n - cfg80211: fix memory leak of wiphy device name\n (bsc#1051510).\n\n - clk: rockchip: Turn on 'aclk_dmac1' for suspend on\n rk3288 (bsc#1051510).\n\n - clk: tegra: Fix PLLM programming on Tegra124+ when PMC\n overrides divider (bsc#1051510).\n\n - coresight: etb10: Fix handling of perf mode\n (bsc#1051510).\n\n - coresight: etm4x: Add support to enable ETMv4.2\n (bsc#1051510).\n\n - cpu/topology: Export die_id (jsc#SLE-5454).\n\n - crypto: algapi - guard against uninitialized spawn list\n in crypto_remove_spawns (bsc#1133401).\n\n - crypto: cryptd - Fix skcipher instance memory leak\n (bsc#1051510).\n\n - crypto: user - prevent operating on larval algorithms\n (bsc#1133401).\n\n - device core: Consolidate locking and unlocking of parent\n and device (bsc#1106383).\n\n - dmaengine: imx-sdma: remove BD_INTR for channel0\n (bsc#1051510).\n\n - dm, dax: Fix detection of DAX support (bsc#1139782).\n\n - doc: Cope with the deprecation of AutoReporter\n (bsc#1051510).\n\n - Do not provide kernel-default from kernel-default-base\n (boo#1132154, bsc#1106751).\n\n - Do not provide kernel-default-srchash from\n kernel-default-base.\n\n - Do not restrict NFSv4.2 on openSUSE (bsc#1138719).\n\n - driver core: Establish order of operations for\n device_add and device_del via bitflag (bsc#1106383).\n\n - driver core: Probe devices asynchronously instead of the\n driver (bsc#1106383).\n\n - drivers/base: Introduce kill_device() (bsc#1139865).\n\n - drivers/base: kABI fixes for struct device_private\n (bsc#1106383).\n\n - drivers: misc: fix out-of-bounds access in function\n param_set_kgdbts_var (bsc#1051510).\n\n - drivers/rapidio/devices/rio_mport_cdev.c: fix resource\n leak in error handling path in 'rio_dma_transfer()'\n (bsc#1051510).\n\n - drivers/rapidio/rio_cm.c: fix potential oops in\n riocm_ch_listen() (bsc#1051510).\n\n - drivers: thermal: tsens: Do not print error message on\n -EPROBE_DEFER (bsc#1051510).\n\n - drm/arm/hdlcd: Allow a bit of clock tolerance\n (bsc#1051510).\n\n - drm/i915/gvt: ignore unexpected pvinfo write\n (bsc#1051510).\n\n - EDAC/mc: Fix edac_mc_find() in case no device is found\n (bsc#1114279).\n\n - ftrace/x86: Remove possible deadlock between\n register_kprobe() and ftrace_run_update_code()\n (bsc#1071995).\n\n - ftrace/x86: Remove possible deadlock between\n register_kprobe() and ftrace_run_update_code()\n (bsc#1071995 fate#323487).\n\n - genirq: Prevent use-after-free and work list corruption\n (bsc#1051510).\n\n - genirq: Respect IRQCHIP_SKIP_SET_WAKE in\n irq_chip_set_wake_parent() (bsc#1051510).\n\n - genwqe: Prevent an integer overflow in the ioctl\n (bsc#1051510).\n\n - hwmon/coretemp: Cosmetic: Rename internal variables to\n zones from packages (jsc#SLE-5454).\n\n - hwmon/coretemp: Support multi-die/package\n (jsc#SLE-5454).\n\n - hwmon: (k10temp) 27C Offset needed for Threadripper2\n (FATE#327735).\n\n - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).\n\n - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega\n graphics (FATE#327735).\n\n - hwmon: (k10temp) Add support for family 17h\n (FATE#327735).\n\n - hwmon: (k10temp) Add support for Stoney Ridge and\n Bristol Ridge CPUs (FATE#327735).\n\n - hwmon: (k10temp) Add support for temperature offsets\n (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 1900X\n (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 2700X\n (FATE#327735).\n\n - hwmon: (k10temp) Correct model name for Ryzen 1600X\n (FATE#327735).\n\n - hwmon: (k10temp) Display both Tctl and Tdie\n (FATE#327735).\n\n - hwmon: (k10temp) Fix reading critical temperature\n register (FATE#327735).\n\n - hwmon: (k10temp) Make function get_raw_temp static\n (FATE#327735).\n\n - hwmon: (k10temp) Move chip specific code into probe\n function (FATE#327735).\n\n - hwmon: (k10temp) Only apply temperature offset if result\n is positive (FATE#327735).\n\n - hwmon: (k10temp) Support all Family 15h Model 6xh and\n Model 7xh processors (FATE#327735).\n\n - hwmon: k10temp: Support Threadripper 2920X, 2970WX;\n simplify offset table (FATE#327735).\n\n - hwmon: (k10temp) Use API function to access System\n Management Network (FATE#327735).\n\n - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs\n ().\n\n - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs\n (FATE#327735).\n\n - i2c: acorn: fix i2c warning (bsc#1135642).\n\n - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).\n\n - ibmveth: Update ethtool settings to reflect virtual\n properties (bsc#1136157, LTC#177197).\n\n - input: synaptics - enable SMBus on ThinkPad E480 and\n E580 (bsc#1051510).\n\n - input: uinput - add compat ioctl number translation for\n UI_*_FF_UPLOAD (bsc#1051510).\n\n - Install extra rpm scripts for kernel subpackaging\n (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - Install extra rpm scripts for kernel subpackaging\n (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - kabi fixup blk_mq_register_dev() (bsc#1140637).\n\n - kabi: x86/topology: Add CPUID.1F multi-die/package\n support (jsc#SLE-5454).\n\n - kabi: x86/topology: Define topology_logical_die_id()\n (jsc#SLE-5454).\n\n - kvm: x86: Include CPUID leaf 0x8000001e in kvm's\n supported CPUID (bsc#1114279).\n\n - kvm: x86: Include multiple indices with CPUID leaf\n 0x8000001d (bsc#1114279).\n\n - libata: Extend quirks for the ST1000LM024 drives with\n NOLPM quirk (bsc#1051510).\n\n - libnvdimm/bus: Prevent duplicate device_unregister()\n calls (bsc#1139865).\n\n - libnvdimm, pfn: Fix over-trim in trim_pfn_device()\n (bsc#1140719).\n\n - mac80211: Do not use stack memory with scatterlist for\n GMAC (bsc#1051510).\n\n - mac80211: drop robust management frames from unknown TA\n (bsc#1051510).\n\n - mac80211: handle deauthentication/disassociation from\n TDLS peer (bsc#1051510).\n\n - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).\n\n - mISDN: make sure device name is NUL terminated\n (bsc#1051510).\n\n - mmc: core: Prevent processing SDIO IRQs when the card is\n suspended (bsc#1051510).\n\n - module: Fix livepatch/ftrace module text permissions\n race (bsc#1071995).\n\n - module: Fix livepatch/ftrace module text permissions\n race (bsc#1071995 fate#323487).\n\n - net: mvpp2: prs: Fix parser range for VID filtering\n (bsc#1098633).\n\n - net: mvpp2: prs: Use the correct helpers when removing\n all VID filters (bsc#1098633).\n\n - net: mvpp2: Use strscpy to handle stat strings\n (bsc#1098633).\n\n - nfit/ars: Allow root to busy-poll the ARS state machine\n (bsc#1140814).\n\n - nfit/ars: Avoid stale ARS results (jsc#SLE-5433).\n\n - nfit/ars: Introduce scrub_flags (jsc#SLE-5433).\n\n - ntp: Allow TAI-UTC offset to be set to zero\n (bsc#1135642).\n\n - nvme: copy MTFA field from identify controller\n (bsc#1140715).\n\n - nvme-rdma: fix double freeing of async event data\n (bsc#1120423).\n\n - nvme-rdma: fix possible double free of controller async\n event buffer (bsc#1120423).\n\n - ocfs2: try to reuse extent block in dealloc without\n meta_alloc (bsc#1128902).\n\n - pci: PM: Skip devices in D0 for suspend-to-idle\n (bsc#1051510).\n\n - pci: rpadlpar: Fix leaked device_node references in\n add/remove paths (bsc#1051510).\n\n - perf/x86/intel/cstate: Support multi-die/package\n (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Cosmetic rename internal variables\n in response to multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Support multi-die/package\n (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Cosmetic renames in response to\n multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Support multi-die/package\n (jsc#SLE-5454).\n\n - powercap/intel_rapl: Simplify rapl_find_package()\n (jsc#SLE-5454).\n\n - powercap/intel_rapl: Support multi-die/package\n (jsc#SLE-5454).\n\n - powercap/intel_rapl: Update RAPL domain name and debug\n messages (jsc#SLE-5454).\n\n - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to\n power9 event list (bsc#1137728, LTC#178106).\n\n - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and\n PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).\n\n - powerpc/rtas: retry when cpu offline races with\n suspend/migration (bsc#1140428, LTC#178808).\n\n - ppp: mppe: Add softdep to arc4 (bsc#1088047).\n\n - qmi_wwan: add network device usage statistics for qmimux\n devices (bsc#1051510).\n\n - qmi_wwan: add support for QMAP padding in the RX path\n (bsc#1051510).\n\n - qmi_wwan: avoid RCU stalls on device disconnect when in\n QMAP mode (bsc#1051510).\n\n - qmi_wwan: extend permitted QMAP mux_id value range\n (bsc#1051510).\n\n - rapidio: fix a NULL pointer dereference when\n create_workqueue() fails (bsc#1051510).\n\n - ras/CEC: Convert the timer callback to a workqueue\n (bsc#1114279).\n\n - ras/CEC: Fix binary search function (bsc#1114279).\n\n - Refresh\n patches.fixes/scsi-Introduce-scsi_start_queue.patch\n (bsc#1119532).\n\n - Remove the previous subpackage infrastructure. This\n partially reverts commit\n 9b3ca32c11854156b2f950ff5e26131377d8445e ('Add\n kernel-subpackage-build.spec (FATE#326579).')\n\n - Replace the bluetooth fix with the upstream commit\n (bsc#1135556)\n\n - Revert 'Drop multiversion(kernel) from the KMP template\n ()' (bsc#1109137).\n\n - Revert 'Drop multiversion(kernel) from the KMP template\n (fate#323189)' (bsc#1109137). This reverts commit\n 71504d805c1340f68715ad41958e5ef35da2c351.\n\n - Revert 'KMPs: obsolete older KMPs of the same flavour\n (bsc#1127155, bsc#1109137).'\n\n - Revert 'KMPs: provide and conflict a kernel version\n specific KMP name'\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP\n template ()''\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP\n template (fate#323189)'' This feature was requested for\n SLE15 but aws reverted in packaging and master.\n\n - Revert 's390/jump_label: Use 'jdd' constraint on gcc9\n (bsc#1138589).'\n\n - Revert 'Sign non-x86 kernels when possible\n (boo#1134303)' This reverts commit\n bac621c6704610562ebd9e74ae5ad85ca8025681.\n\n - Revert 'svm: Fix AVIC incomplete IPI emulation'\n (bsc#1140133).\n\n - rpm: Add arm64 dtb-allwinner subpackage 4.10 added\n arch/arm64/boot/dts/allwinner/.\n\n - rpm: Add arm64 dtb-zte subpackage 4.9 added\n arch/arm64/boot/dts/zte/.\n\n - rpm/kernel-binary.spec.in: Add back kernel-binary-base\n subpackage (jsc#SLE-3853).\n\n - rpm/kernel-binary.spec.in: Build livepatch support in\n SUSE release projects (bsc#1124167).\n\n - rpm/kernel-subpackage-build: handle arm kernel zImage.\n\n - rpm/kernel-subpackage-spec: only provide firmware\n actually present in subpackage.\n\n - rpm/package-descriptions: fix typo in kernel-azure\n\n - rpm/post.sh: correct typo in err msg (bsc#1137625)\n\n - s390/dasd: fix using offset into zero size array error\n (bsc#1051510).\n\n - s390/jump_label: Use 'jdd' constraint on gcc9\n (bsc#1138589).\n\n - s390/qeth: fix race when initializing the IP address\n table (bsc#1051510).\n\n - s390/qeth: fix VLAN attribute in bridge_hostnotify udev\n event (bsc#1051510).\n\n - s390/setup: fix early warning messages (bsc#1051510).\n\n - s390/virtio: handle find on invalid queue gracefully\n (bsc#1051510).\n\n - sbitmap: fix improper use of smp_mb__before_atomic()\n (bsc#1140658).\n\n - scripts/git_sort/git_sort.py: add djbw/nvdimm\n nvdimm-pending.\n\n - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes\n\n - scsi: core: add new RDAC LENOVO/DE_Series device\n (bsc#1132390).\n\n - scsi: qla2xxx: Fix abort handling in\n tcm_qla2xxx_write_pending() (bsc#1140727).\n\n - scsi: qla2xxx: Fix FC-AL connection target discovery\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix incorrect region-size setting in\n optrom SYSFS routines (bsc#1140728).\n\n - scsi: qla2xxx: Fix N2N target discovery with Local loop\n (bsc#1094555).\n\n - scsi: target/iblock: Fix overrun in WRITE SAME emulation\n (bsc#1140424).\n\n - scsi: vmw_pscsi: Fix use-after-free in\n pvscsi_queue_lck() (bsc#1135296).\n\n - scsi: zfcp: fix missing zfcp_port reference put on\n -EBUSY from port_remove (bsc#1051510).\n\n - scsi: zfcp: fix rport unblock if deleted SCSI devices on\n Scsi_Host (bsc#1051510).\n\n - scsi: zfcp: fix scsi_eh host reset with port_forced ERP\n for non-NPIV FCP devices (bsc#1051510).\n\n - scsi: zfcp: fix to prevent port_remove with pure auto\n scan LUNs (only sdevs) (bsc#1051510).\n\n - smb3: Fix endian warning (bsc#1137884).\n\n - soc: mediatek: pwrap: Zero initialize rdata in\n pwrap_init_cipher (bsc#1051510).\n\n - soc: rockchip: Set the proper PWM for rk3288\n (bsc#1051510).\n\n - staging: comedi: ni_mio_common: Fix divide-by-zero for\n DIO cmdtest (bsc#1051510).\n\n - svm: Add warning message for AVIC IPI invalid target\n (bsc#1140133).\n\n - svm: Fix AVIC incomplete IPI emulation (bsc#1140133).\n\n - sysctl: handle overflow in proc_get_long (bsc#1051510).\n\n - thermal: rcar_gen3_thermal: disable interrupt in .remove\n (bsc#1051510).\n\n - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal\n variables to zones from packages (jsc#SLE-5454).\n\n - thermal/x86_pkg_temp_thermal: Support multi-die/package\n (jsc#SLE-5454).\n\n - tmpfs: fix link accounting when a tmpfile is linked in\n (bsc#1051510).\n\n - tmpfs: fix uninitialized return value in shmem_link\n (bsc#1051510).\n\n - topology: Create core_cpus and die_cpus sysfs attributes\n (jsc#SLE-5454).\n\n - topology: Create package_cpus sysfs attribute\n (jsc#SLE-5454).\n\n - tracing/snapshot: Resize spare buffer if size changed\n (bsc#1140726).\n\n - Trim build dependencies of sample subpackage spec file\n (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - Trim build dependencies of sample subpackage spec file\n (jsc#SLE-4117, jsc#SLE-3853, bsc#1128910).\n\n - tty: max310x: Fix external crystal register setup\n (bsc#1051510).\n\n - usb: chipidea: udc: workaround for endpoint conflict\n issue (bsc#1135642).\n\n - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam\n regression) (bsc#1135642).\n\n - usb: Fix chipmunk-like voice when using Logitech C270\n for recording audio (bsc#1051510).\n\n - usbnet: ipheth: fix racing condition (bsc#1051510).\n\n - usb: serial: fix initial-termios handling (bsc#1135642).\n\n - usb: serial: option: add support for Simcom\n SIM7500/SIM7600 RNDIS mode (bsc#1051510).\n\n - usb: serial: option: add Telit 0x1260 and 0x1261\n compositions (bsc#1051510).\n\n - usb: serial: pl2303: add Allied Telesis VT-Kit3\n (bsc#1051510).\n\n - usb: serial: pl2303: fix tranceiver suspend mode\n (bsc#1135642).\n\n - usb: usb-storage: Add new ID to ums-realtek\n (bsc#1051510).\n\n - usb: xhci: avoid NULL pointer deref when bos field is\n NULL (bsc#1135642).\n\n - vfio: ccw: only free cp on final interrupt\n (bsc#1051510).\n\n - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).\n\n - x86/amd_nb: Add support for Raven Ridge CPUs ().\n\n - x86/amd_nb: Add support for Raven Ridge CPUs\n (FATE#327735).\n\n - x86/CPU/AMD: Do not force the CPB cap when running under\n a hypervisor (bsc#1114279).\n\n - x86/cpufeatures: Carve out CQM features retrieval\n (jsc#SLE-5382).\n\n - x86/cpufeatures: Combine word 11 and 12 into a new\n scattered features word (jsc#SLE-5382).\n\n - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16\n instructions (jsc#SLE-5382).\n\n - x86/CPU/hygon: Fix phys_proc_id calculation logic for\n multi-die processors ().\n\n - x86/CPU/hygon: Fix phys_proc_id calculation logic for\n multi-die processors (fate#327735).\n\n - x86/mce: Fix machine_check_poll() tests for error types\n (bsc#1114279).\n\n - x86/microcode, cpuhotplug: Add a microcode loader CPU\n hotplug callback (bsc#1114279).\n\n - x86/microcode: Fix microcode hotplug state\n (bsc#1114279).\n\n - x86/microcode: Fix the ancient deprecated microcode\n loading method (bsc#1114279).\n\n - x86/mm/mem_encrypt: Disable all instrumentation for\n early SME setup (bsc#1114279).\n\n - x86/smpboot: Rename match_die() to match_pkg()\n (jsc#SLE-5454).\n\n - x86/speculation/mds: Revert CPU buffer clear on double\n fault exit (bsc#1114279).\n\n - x86/topology: Add CPUID.1F multi-die/package support\n (jsc#SLE-5454).\n\n - x86/topology: Create topology_max_die_per_package()\n (jsc#SLE-5454).\n\n - x86/topology: Define topology_die_id() (jsc#SLE-5454).\n\n - x86/topology: Define topology_logical_die_id()\n (jsc#SLE-5454).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140814\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.67.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.67.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:18:07", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0740 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-03-10T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2020:0740)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460"], "modified": "2023-05-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"], "id": "REDHAT-RHSA-2020-0740.NASL", "href": "https://www.tenable.com/plugins/nessus/134361", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0740. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134361);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-11884\",\n \"CVE-2019-15030\",\n \"CVE-2019-15916\",\n \"CVE-2019-17666\",\n \"CVE-2019-18805\"\n );\n script_bugtraq_id(\n 106565,\n 107910,\n 108299,\n 108547\n );\n script_xref(name:\"RHSA\", value:\"2020:0740\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2020:0740)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0740 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)\n\n - kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable\n exception (CVE-2019-15030)\n\n - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service\n (CVE-2019-15916)\n\n - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain\n upper-bound check, leading to a buffer overflow (CVE-2019-17666)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)\n\n - kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1655162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1663176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1663179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1709837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1750813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1759313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1763690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771496\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 120, 190, 200, 400, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-16871', 'CVE-2019-3459', 'CVE-2019-3460', 'CVE-2019-11884', 'CVE-2019-15030', 'CVE-2019-15916', 'CVE-2019-17666', 'CVE-2019-18805');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:0740');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.14.0-115.18.1.el7a', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.0-115.18.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:26:34", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-10638: A device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575).\n\n - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed.\n This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping).\n For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).\n\n - CVE-2019-13233: In arch/x86/lib/insn-eval.c there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).\n\n - CVE-2018-20836: There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).\n\n - CVE-2019-10126: A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935).\n\n - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1133738).\n\n - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected (bnc#1138263).\n\n - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1137194).\n\n - CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message sequence was fixed.\n (bnc#1137103).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: Off by one handling ->nexthdr (bsc#1051510).\n\n - Abort file_remove_privs() for non-reg. files (bsc#1140888).\n\n - ACPICA: Clear status of GPEs on first direct enable (bsc#1111666).\n\n - ACPI: PM: Allow transitions to D0 to occur in special cases (bsc#1051510).\n\n - ACPI: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510).\n\n - af_key: unconditionally clone on broadcast (bsc#1051510).\n\n - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510).\n\n - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510).\n\n - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510).\n\n - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510).\n\n - alsa: line6: Fix write on zero-sized buffer (bsc#1051510).\n\n - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510).\n\n - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666).\n\n - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510).\n\n - apparmor: enforce nullbyte at end of tag string (bsc#1051510).\n\n - ASoC: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666).\n\n - audit: fix a memory leak bug (bsc#1051510).\n\n - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510).\n\n - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637).\n\n - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771).\n\n - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328).\n\n - bpf, devmap: Add missing bulk queue free (bsc#1109837).\n\n - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837).\n\n - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837).\n\n - bpf: devmap: fix use-after-free Read in\n __dev_map_entry_free (bsc#1109837).\n\n - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837).\n\n - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837).\n\n - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837).\n\n - bpf: sockmap remove duplicate queue free (bsc#1109837).\n\n - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837).\n\n - can: af_can: Fix error path of can_init() (bsc#1051510).\n\n - can: flexcan: fix timeout when set small bitrate (bsc#1051510).\n\n - can: purge socket error queue on sock destruct (bsc#1051510).\n\n - ceph: factor out ceph_lookup_inode() (bsc#1138681).\n\n - ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).\n\n - ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).\n\n - ceph: flush dirty inodes before proceeding with remount (bsc#1138681).\n\n - ceph: flush dirty inodes before proceeding with remount (bsc#1140405).\n\n - ceph: print inode number in __caps_issued_mask debugging messages (bsc#1138681).\n\n - ceph: quota: fix quota subdir mounts (bsc#1138681).\n\n - ceph: remove duplicated filelock ref increase (bsc#1138681).\n\n - cfg80211: fix memory leak of wiphy device name (bsc#1051510).\n\n - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510).\n\n - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510).\n\n - coresight: etb10: Fix handling of perf mode (bsc#1051510).\n\n - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510).\n\n - cpu/topology: Export die_id (jsc#SLE-5454).\n\n - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401).\n\n - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510).\n\n - crypto: user - prevent operating on larval algorithms (bsc#1133401).\n\n - dax: Fix xarray entry association for mixed mappings (bsc#1140893).\n\n - device core: Consolidate locking and unlocking of parent and device (bsc#1106383).\n\n - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510).\n\n - doc: Cope with the deprecation of AutoReporter (bsc#1051510).\n\n - Documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187).\n\n - Documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954).\n\n - Do not restrict NFSv4.2 on openSUSE (bsc#1138719).\n\n - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383).\n\n - driver core: Probe devices asynchronously instead of the driver (bsc#1106383).\n\n - drivers/base/devres: introduce devm_release_action() (bsc#1103992).\n\n - drivers/base/devres: introduce devm_release_action() (bsc#1103992 FATE#326009).\n\n - drivers/base: Introduce kill_device() (bsc#1139865).\n\n - drivers/base: kABI fixes for struct device_private (bsc#1106383).\n\n - drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).\n\n - drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).\n\n - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510).\n\n - drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#SLE-4994).\n\n - drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' (bsc#1051510).\n\n - drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#1051510).\n\n - drivers: thermal: tsens: Do not print error message on\n -EPROBE_DEFER (bsc#1051510).\n\n - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510).\n\n - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666).\n\n - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666).\n\n - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510).\n\n - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666).\n\n - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666).\n\n - drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666).\n\n - drm: Fix drm_release() and device unplug (bsc#1111666).\n\n - drm/i915: Add new AML_ULX support list (jsc#SLE-4986).\n\n - drm/i915: Add new ICL PCI ID (jsc#SLE-4986).\n\n - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).\n\n - drm/i915: Apply correct ddi translation table for AML device (jsc#SLE-4986).\n\n - drm/i915: Attach the pci match data to the device upon creation (jsc#SLE-4986).\n\n - drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).\n\n - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).\n\n - drm/i915/dmc: protect against reading random memory (bsc#1051510).\n\n - drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc#SLE-4986).\n\n - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510).\n\n - drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).\n\n - drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).\n\n - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).\n\n - drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy (jsc#SLE-4986).\n\n - drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#SLE-4986).\n\n - drm/i915: Split Pineview device info into desktop and mobile (jsc#SLE-4986).\n\n - drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).\n\n - drm/i915: start moving runtime device info to a separate struct (jsc#SLE-4986).\n\n - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666).\n\n - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666).\n\n - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666).\n\n - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666).\n\n - EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).\n\n - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891).\n\n - failover: allow name change on IFF_UP slave interfaces (bsc#1109837).\n\n - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) \n\n - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889).\n\n - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887).\n\n - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887).\n\n - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995).\n\n - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995 fate#323487).\n\n - genirq: Prevent use-after-free and work list corruption (bsc#1051510).\n\n - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510).\n\n - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510).\n\n - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510).\n\n - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)).\n\n - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)).\n\n - hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).\n\n - hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).\n\n - hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735).\n\n - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).\n\n - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735).\n\n - hwmon: (k10temp) Add support for family 17h (FATE#327735).\n\n - hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#327735).\n\n - hwmon: (k10temp) Add support for temperature offsets (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735).\n\n - hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735).\n\n - hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).\n\n - hwmon: (k10temp) Fix reading critical temperature register (FATE#327735).\n\n - hwmon: (k10temp) Make function get_raw_temp static (FATE#327735).\n\n - hwmon: (k10temp) Move chip specific code into probe function (FATE#327735).\n\n - hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#327735).\n\n - hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors (FATE#327735).\n\n - hwmon: k10temp: Support Threadripper 2920X, 2970WX;\n simplify offset table (FATE#327735).\n\n - hwmon: (k10temp) Use API function to access System Management Network (FATE#327735).\n\n - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735).\n\n - i2c: acorn: fix i2c warning (bsc#1135642).\n\n - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374).\n\n - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374).\n\n - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374).\n\n - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374).\n\n - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374).\n\n - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374).\n\n - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).\n\n - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685 FATE#325854).\n\n - IB/hfi1: Create inline to get extended headers (bsc#1114685 FATE#325854).\n\n - IB/hfi1: Validate fault injection opcode user input (bsc#1114685 FATE#325854).\n\n - IB/mlx5: Verify DEVX general object type correctly (bsc#1103991 FATE#326007).\n\n - ibmveth: Update ethtool settings to reflect virtual properties (bsc#1136157, LTC#177197).\n\n - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510).\n\n - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510).\n\n - iommu/amd: Make iommu_disable safer (bsc#1140955).\n\n - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510).\n\n - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956).\n\n - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666).\n\n - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510).\n\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510).\n\n - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957).\n\n - iommu: Use right function to get group for device (bsc#1140958).\n\n - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959).\n\n - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960).\n\n - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961).\n\n - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962).\n\n - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964).\n\n - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666).\n\n - ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#1138732).\n\n - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510).\n\n - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510).\n\n - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228).\n\n - kabi fixup blk_mq_register_dev() (bsc#1140637).\n\n - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056).\n\n - kabi workaround for asus-wmi changes (bsc#1051510).\n\n - kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).\n\n - kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).\n\n - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971).\n\n - kvm: x86: fix return value for reserved EFER (bsc#1140992).\n\n - kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#1114279).\n\n - kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#1114279).\n\n - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972).\n\n - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510).\n\n - libceph: assign cookies in linger_submit() (bsc#1135897).\n\n - libceph: check reply num_data_items in setup_request_data() (bsc#1135897).\n\n - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897).\n\n - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897).\n\n - libceph: introduce alloc_watch_request() (bsc#1135897).\n\n - libceph: introduce ceph_pagelist_alloc() (bsc#1135897).\n\n - libceph: preallocate message data items (bsc#1135897).\n\n - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master.\n\n - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897).\n\n - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865).\n\n - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719).\n\n - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510).\n\n - mac80211: drop robust management frames from unknown TA (bsc#1051510).\n\n - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510).\n\n - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).\n\n - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510).\n\n - mISDN: make sure device name is NUL terminated (bsc#1051510).\n\n - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374).\n\n - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374).\n\n - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374).\n\n - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374).\n\n - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374).\n\n - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374).\n\n - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374).\n\n - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374).\n\n - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374).\n\n - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374).\n\n - mmc: core: complete HS400 before checking status (bsc#1111666).\n\n - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510).\n\n - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992 FATE#326009).\n\n - mm: fix race on soft-offlining free huge pages (bsc#1139712). \n\n - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). \n\n - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). \n\n - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712). \n\n - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). \n\n - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712) \n\n - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). \n\n - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). \n\n - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). \n\n - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). \n\n - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)).\n\n - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)).\n\n - mm: soft-offline: close the race against page allocation (bsc#1139712). \n\n - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). \n\n - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). \n\n - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)).\n\n - module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate#323487).\n\n - net: core: support XDP generic on stacked devices (bsc#1109837).\n\n - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990 FATE#326006).\n\n - net: ena: add ethtool function for changing io queue sizes (bsc#1138879).\n\n - net: ena: add good checksum counter (bsc#1138879).\n\n - net: ena: add handling of llq max tx burst size (bsc#1138879).\n\n - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879).\n\n - net: ena: add newline at the end of pr_err prints (bsc#1138879).\n\n - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879).\n\n - net: ena: allow automatic fallback to polling mode (bsc#1138879).\n\n - net: ena: allow queue allocation backoff when low on memory (bsc#1138879).\n\n - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879).\n\n - net: ena: enable negotiating larger Rx ring size (bsc#1138879).\n\n - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879).\n\n - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879).\n\n - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879).\n\n - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879).\n\n - net: ena: fix incorrect test of supported hash function (bsc#1138879).\n\n - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879).\n\n - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879).\n\n - net: ena: gcc 8: fix compilation warning (bsc#1138879).\n\n - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879).\n\n - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879).\n\n - net: ena: optimise calculations for CQ doorbell (bsc#1138879).\n\n - net: ena: remove inline keyword from functions in *.c (bsc#1138879).\n\n - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879).\n\n - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879).\n\n - net: ena: use dev_info_once instead of static variable (bsc#1138879).\n\n - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836).\n\n - net: Fix missing meta data in skb with vlan packet (bsc#1109837).\n\n - net/mlx5: Avoid reloading already removed devices (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837).\n\n - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 FATE#326006).\n\n - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990 FATE#326006).\n\n - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 FATE#326006).\n\n - net/mlx5: Set completion EQs as shared resources (bsc#1103991 FATE#326007).\n\n - net/mlx5: Update pci error handler entries and command translation (bsc#1103991 FATE#326007).\n\n - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633).\n\n - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633).\n\n - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633).\n\n - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113 FATE#326472).\n\n - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837).\n\n - net/sched: cbs: fix port_rate miscalculation (bsc#1109837).\n\n - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837).\n\n - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837).\n\n - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837).\n\n - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837).\n\n - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837).\n\n - net/tls: do not leak IV and record seq when offload fails (bsc#1109837).\n\n - net/tls: do not leak partially sent record in device mode (bsc#1109837).\n\n - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837).\n\n - net/tls: fix copy to fragments in reencrypt (bsc#1109837).\n\n - net/tls: fix page double free on TX cleanup (bsc#1109837).\n\n - net/tls: fix refcount adjustment in fallback (bsc#1109837).\n\n - net/tls: fix state removal with feature flags off (bsc#1109837).\n\n - net/tls: fix the IV leaks (bsc#1109837).\n\n - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837).\n\n - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837).\n\n - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837).\n\n - new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).\n\n - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814).\n\n - nfit/ars: Avoid stale ARS results (jsc#SLE-5433).\n\n - nfit/ars: Introduce scrub_flags (jsc#SLE-5433).\n\n - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837).\n\n - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837).\n\n - nl80211: fix station_info pertid memory leak (bsc#1051510).\n\n - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642).\n\n - nvme: copy MTFA field from identify controller (bsc#1140715).\n\n - nvme-rdma: fix double freeing of async event data (bsc#1120423).\n\n - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423).\n\n - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902).\n\n - pci: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803).\n\n - pci: Disable VF decoding before pcibios_sriov_disable() updates resources (jsc#SLE-5803 FATE#327056).\n\n - pci: Do not poll for PME if the device is in D3cold (bsc#1051510).\n\n - pci/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803).\n\n - pci/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#327056).\n\n - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803).\n\n - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).\n\n - pci/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992).\n\n - pci/P2PDMA: fix the gen_pool_add_virt() failure path (bsc#1103992 FATE#326009).\n\n - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510).\n\n - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510).\n\n - perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Cosmetic rename internal variables in response to multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).\n\n - pinctrl/amd: add get_direction handler (bsc#1140463).\n\n - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463).\n\n - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463).\n\n - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463).\n\n - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463).\n\n - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463).\n\n - platform_data/mlxreg: Add capability field to core platform data (bsc#1112374).\n\n - platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374).\n\n - platform_data/mlxreg: Document fixes for core platform data (bsc#1112374).\n\n - platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374).\n\n - platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#1136333 jsc#SLE-4994).\n\n - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi (bsc#1051510).\n\n - platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#1112374).\n\n - platform/x86: mlx-platform: Add definitions for new registers (bsc#1112374).\n\n - platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Add LED platform driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for fan capability registers (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for fan direction register (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for tachometer speed register (bsc#1112374).\n\n - platform/x86: mlx-platform: Add UID LED for the next generation systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Allow mlxreg-io driver activation for new systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).\n\n - platform/x86: mlx-platform: Remove unused define (bsc#1112374).\n\n - platform/x86: mlx-platform: Rename new systems product names (bsc#1112374).\n\n - PM: ACPI/PCI: Resume all devices during hibernation (bsc#1111666).\n\n - powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).\n\n - powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).\n\n - powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#SLE-5454).\n\n - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106).\n\n - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).\n\n - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808).\n\n - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159).\n\n - ppp: mppe: Add softdep to arc4 (bsc#1088047).\n\n - ptrace: Fix -$gt;ptracer_cred handling for PTRACE_TRACEME (git-fixes).\n\n - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes).\n\n - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666).\n\n - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector index (jsc#SLE-4693 bsc#1136462).\n\n - qmi_wwan: add network device usage statistics for qmimux devices (bsc#1051510).\n\n - qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).\n\n - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#1051510).\n\n - qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).\n\n - qmi_wwan: Fix out-of-bounds read (bsc#1111666).\n\n - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#1051510).\n\n - RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).\n\n - RAS/CEC: Fix binary search function (bsc#1114279).\n\n - rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).\n\n - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992).\n\n - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992 FATE#326009).\n\n - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991).\n\n - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991 FATE#326007).\n\n - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991).\n\n - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991 FATE#326007).\n\n - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992).\n\n - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992 FATE#326009).\n\n - Refresh patches.fixes/scsi-Introduce-scsi_start_queue.patch (bsc#1119532).\n\n - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510).\n\n - Replace the bluetooth fix with the upstream commit (bsc#1135556)\n\n - Reshuffle patches to match series_sort.py\n\n - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1138879).\n\n - Revert 'net/mlx5e: Enable reporting checksum unnecessary also for L3 packets' (bsc#1103990).\n\n - Revert 'net/mlx5e: Enable reporting checksum unnecessary also for L3 packets' (bsc#1103990 FATE#326006).\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP template ()''\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP template (fate#323189)\n\n - Revert 's390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).' This broke the build with older gcc instead.\n\n - Revert 'Sign non-x86 kernels when possible (boo#1134303)' This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now.\n\n - Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133).\n\n - rpm/package-descriptions: fix typo in kernel-azure\n\n - rpm/post.sh: correct typo in err msg (bsc#1137625)\n\n - s390/dasd: fix using offset into zero size array error (bsc#1051510).\n\n - s390/jump_label: Use 'jdd' constraint on gcc9 (bsc#1138589).\n\n - s390/pci: improve bar check (jsc#SLE-5803).\n\n - s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).\n\n - s390/pci: map IOV resources (jsc#SLE-5803).\n\n - s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).\n\n - s390/pci: skip VF scanning (jsc#SLE-5803).\n\n - s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).\n\n - s390/qeth: fix race when initializing the IP address table (bsc#1051510).\n\n - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#1051510).\n\n - s390/setup: fix early warning messages (bsc#1051510).\n\n - s390/virtio: handle find on invalid queue gracefully (bsc#1051510).\n\n - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658).\n\n - sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).\n\n - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending.\n\n - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes\n\n - scripts/git_sort/git_sort.py: drop old scsi branches\n\n - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161).\n\n - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: fix spelling mistake 'Retreiving' -gt;\n 'Retrieving' (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264).\n\n - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390).\n\n - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343).\n\n - scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#1136156).\n\n - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#1136271).\n\n - scsi: megaraid_sas: correct an info message (bsc#1136271).\n\n - scsi: megaraid_sas: driver version update (bsc#1136271).\n\n - scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271).\n\n - scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).\n\n - scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).\n\n - scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#1136271).\n\n - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717).\n\n - scsi: qedi: add module param to set ping packet size (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Add packet filter in light L2 Rx path (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Check for session online before getting iSCSI TLV data (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro definition (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Fix spelling mistake 'OUSTANDING' -> 'OUTSTANDING' (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Move LL2 producer index processing in BH (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: remove set but not used variables 'cdev' and 'udev' (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Update driver version to 8.33.0.21 (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727).\n\n - scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).\n\n - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728).\n\n - scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).\n\n - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).\n\n - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424).\n\n - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).\n\n - scsi: zfcp: fix missing zfcp_port reference put on\n -EBUSY from port_remove (bsc#1051510).\n\n - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#1051510).\n\n - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bsc#1051510).\n\n - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bsc#1051510).\n\n - signal/ptrace: Do not leak uninitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes).\n\n - smb3: Fix endian warning (bsc#1137884).\n\n - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#1051510).\n\n - soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).\n\n - sort patches to proper position\n\n - squash patches.fixes/tcp-fix-fack_count-accounting-on-tcp_shift\n _skb_data.patch into patches.fixes/tcp-limit-payload-size-of-sacked-skbs.patc h to match what stable backports do\n\n - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510).\n\n - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510).\n\n - supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)\n\n - svm: Add warning message for AVIC IPI invalid target (bsc#1140133).\n\n - svm: Fix AVIC incomplete IPI emulation (bsc#1140133).\n\n - sysctl: handle overflow in proc_get_long (bsc#1051510).\n\n - thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).\n\n - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones from packages (jsc#SLE-5454).\n\n - thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).\n\n - tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).\n\n - tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).\n\n - tools: bpftool: fix infinite loop in map create (bsc#1109837).\n\n - topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).\n\n - topology: Create package_cpus sysfs attribute (jsc#SLE-5454).\n\n - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726).\n\n - tty: max310x: Fix external crystal register setup (bsc#1051510).\n\n - typec: tcpm: fix compiler warning about stupid things (git-fixes).\n\n - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642).\n\n - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642).\n\n - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510).\n\n - usbnet: ipheth: fix racing condition (bsc#1051510).\n\n - usb: serial: fix initial-termios handling (bsc#1135642).\n\n - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510).\n\n - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510).\n\n - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510).\n\n - usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).\n\n - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510).\n\n - usb: xhci: avoid NULL pointer deref when bos field is NULL (bsc#1135642).\n\n - vfio: ccw: only free cp on final interrupt (bsc#1051510).\n\n - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).\n\n - x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).\n\n - x86/CPU/AMD: Do not force the CPB cap when running under a hypervisor (bsc#1114279).\n\n - x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).\n\n - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (jsc#SLE-5382). This changes definitions of some bits, but they are intended to be used only by the core, so hopefully, no KMP uses the definitions.\n\n - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#SLE-5382).\n\n - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187).\n\n - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors (fate#327735).\n\n - x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).\n\n - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc#1114279).\n\n - x86/microcode: Fix microcode hotplug state (bsc#1114279).\n\n - x86/microcode: Fix the ancient deprecated microcode loading method (bsc#1114279).\n\n - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#1114279).\n\n - x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).\n\n - x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#1114279).\n\n - x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).\n\n - x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).\n\n - x86/topology: Define topology_die_id() (jsc#SLE-5454).\n\n - x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).\n\n - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187).\n\n - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187).\n\n - x86/umwait: Initialize umwait control values (jsc#SLE-5187).\n\n - xdp: check device pointer before clearing (bsc#1109837).\n\n - (nl,mac)80211: allow 4addr AP operation on crypto controlled devices (bsc#1051510).", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1757)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11599", "CVE-2019-12614", "CVE-2019-12817", "CVE-2019-13233"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla"], "id": "OPENSUSE-2019-1757.NASL", "href": "https://www.tenable.com/plugins/nessus/126897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1757.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126897);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16871\", \"CVE-2018-20836\", \"CVE-2019-10126\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11599\", \"CVE-2019-12614\", \"CVE-2019-12817\", \"CVE-2019-13233\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1757)\");\n script_summary(english:\"Check for the openSUSE-2019-1757 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-10638: A device could be tracked by an attacker\n using the IP ID values the kernel produces for\n connection-less protocols (e.g., UDP and ICMP). When\n such traffic is sent to multiple destination IP\n addresses, it is possible to obtain hash collisions (of\n indices to the counter array) and thereby obtain the\n hashing key (via enumeration). An attack may be\n conducted by hosting a crafted web page that uses WebRTC\n or gQUIC to force UDP traffic to attacker-controlled IP\n addresses (bnc#1140575).\n\n - CVE-2019-10639: The Linux kernel allowed Information\n Exposure (partial kernel address disclosure), leading to\n a KASLR bypass. Specifically, it is possible to extract\n the KASLR kernel image offset using the IP ID values the\n kernel produces for connection-less protocols (e.g., UDP\n and ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and thereby\n obtain the hashing key (via enumeration). This key\n contains enough bits from a kernel address (of a static\n variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is exposed.\n This attack can be carried out remotely, by the attacker\n forcing the target device to send UDP or ICMP (or\n certain other) traffic to attacker-controlled IP\n addresses. Forcing a server to send UDP traffic is\n trivial if the server is a DNS server. ICMP traffic is\n trivial if the server answers ICMP Echo requests (ping).\n For client targets, if the target visits the attacker's\n web page, then WebRTC or gQUIC can be used to force UDP\n traffic to attacker-controlled IP addresses. NOTE: this\n attack against KASLR became viable in 4.1 because IP ID\n generation was changed to have a dependency on an\n address associated with a network namespace\n (bnc#1140577).\n\n - CVE-2019-13233: In arch/x86/lib/insn-eval.c there was a\n use-after-free for access to an LDT entry because of a\n race condition between modify_ldt() and a #BR exception\n for an MPX bounds violation (bnc#1140454).\n\n - CVE-2018-20836: There was a race condition in\n smp_task_timedout() and smp_task_done() in\n drivers/scsi/libsas/sas_expander.c, leading to a\n use-after-free (bnc#1134395).\n\n - CVE-2019-10126: A heap based buffer overflow in\n mwifiex_uap_parse_tail_ies function in\n drivers/net/wireless/marvell/mwifiex/ie.c might have\n lead to memory corruption and possibly other\n consequences (bnc#1136935).\n\n - CVE-2019-11599: The coredump implementation in the Linux\n kernel did not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allowed local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c (bnc#1133738).\n\n - CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c\n in the Linux kernel for powerpc has a bug where\n unrelated processes may be able to read/write to one\n another's virtual memory under certain conditions via an\n mmap above 512 TB. Only a subset of powerpc systems are\n affected (bnc#1138263).\n\n - CVE-2019-12614: An issue was discovered in\n dlpar_parse_cc_property in\n arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel. There was an unchecked kstrdup of prop->name,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash)\n (bnc#1137194).\n\n - CVE-2018-16871: A NULL pointer dereference due to an\n anomalized NFS message sequence was fixed.\n (bnc#1137103).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: Off by one handling ->nexthdr (bsc#1051510).\n\n - Abort file_remove_privs() for non-reg. files\n (bsc#1140888).\n\n - ACPICA: Clear status of GPEs on first direct enable\n (bsc#1111666).\n\n - ACPI: PM: Allow transitions to D0 to occur in special\n cases (bsc#1051510).\n\n - ACPI: PM: Avoid evaluating _PS3 on transitions from\n D3hot to D3cold (bsc#1051510).\n\n - af_key: unconditionally clone on broadcast\n (bsc#1051510).\n\n - alsa: firewire-lib/fireworks: fix miss detection of\n received MIDI messages (bsc#1051510).\n\n - alsa: hda - Force polling mode on CNL for fixing codec\n communication (bsc#1051510).\n\n - alsa: hda/realtek: Add quirks for several Clevo notebook\n barebones (bsc#1051510).\n\n - alsa: hda/realtek - Change front mic location for Lenovo\n M710q (bsc#1051510).\n\n - alsa: line6: Fix write on zero-sized buffer\n (bsc#1051510).\n\n - alsa: seq: fix incorrect order of dest_client/dest_ports\n arguments (bsc#1051510).\n\n - alsa: usb-audio: Fix parse of UAC2 Extension Units\n (bsc#1111666).\n\n - alsa: usb-audio: fix sign unintended sign extension on\n left shifts (bsc#1051510).\n\n - apparmor: enforce nullbyte at end of tag string\n (bsc#1051510).\n\n - ASoC: cx2072x: fix integer overflow on unsigned int\n multiply (bsc#1111666).\n\n - audit: fix a memory leak bug (bsc#1051510).\n\n - ax25: fix inconsistent lock state in ax25_destroy_timer\n (bsc#1051510).\n\n - blk-mq: free hw queue's resource in hctx's release\n handler (bsc#1140637).\n\n - block: Fix a NULL pointer dereference in\n generic_make_request() (bsc#1139771).\n\n - bluetooth: Fix faulty expression for minimum encryption\n key size check (bsc#1140328).\n\n - bpf, devmap: Add missing bulk queue free (bsc#1109837).\n\n - bpf, devmap: Add missing RCU read lock on flush\n (bsc#1109837).\n\n - bpf, devmap: Fix premature entry free on destroying map\n (bsc#1109837).\n\n - bpf: devmap: fix use-after-free Read in\n __dev_map_entry_free (bsc#1109837).\n\n - bpf: lpm_trie: check left child of last leftmost node\n for NULL (bsc#1109837).\n\n - bpf: sockmap fix msg->sg.size account on ingress skb\n (bsc#1109837).\n\n - bpf: sockmap, fix use after free from sleep in psock\n backlog workqueue (bsc#1109837).\n\n - bpf: sockmap remove duplicate queue free (bsc#1109837).\n\n - bpf, tcp: correctly handle DONT_WAIT flags and timeo ==\n 0 (bsc#1109837).\n\n - can: af_can: Fix error path of can_init() (bsc#1051510).\n\n - can: flexcan: fix timeout when set small bitrate\n (bsc#1051510).\n\n - can: purge socket error queue on sock destruct\n (bsc#1051510).\n\n - ceph: factor out ceph_lookup_inode() (bsc#1138681).\n\n - ceph: fix NULL pointer deref when debugging is enabled\n (bsc#1138681).\n\n - ceph: fix potential use-after-free in\n ceph_mdsc_build_path (bsc#1138681).\n\n - ceph: flush dirty inodes before proceeding with remount\n (bsc#1138681).\n\n - ceph: flush dirty inodes before proceeding with remount\n (bsc#1140405).\n\n - ceph: print inode number in __caps_issued_mask debugging\n messages (bsc#1138681).\n\n - ceph: quota: fix quota subdir mounts (bsc#1138681).\n\n - ceph: remove duplicated filelock ref increase\n (bsc#1138681).\n\n - cfg80211: fix memory leak of wiphy device name\n (bsc#1051510).\n\n - clk: rockchip: Turn on 'aclk_dmac1' for suspend on\n rk3288 (bsc#1051510).\n\n - clk: tegra: Fix PLLM programming on Tegra124+ when PMC\n overrides divider (bsc#1051510).\n\n - coresight: etb10: Fix handling of perf mode\n (bsc#1051510).\n\n - coresight: etm4x: Add support to enable ETMv4.2\n (bsc#1051510).\n\n - cpu/topology: Export die_id (jsc#SLE-5454).\n\n - crypto: algapi - guard against uninitialized spawn list\n in crypto_remove_spawns (bsc#1133401).\n\n - crypto: cryptd - Fix skcipher instance memory leak\n (bsc#1051510).\n\n - crypto: user - prevent operating on larval algorithms\n (bsc#1133401).\n\n - dax: Fix xarray entry association for mixed mappings\n (bsc#1140893).\n\n - device core: Consolidate locking and unlocking of parent\n and device (bsc#1106383).\n\n - dmaengine: imx-sdma: remove BD_INTR for channel0\n (bsc#1051510).\n\n - doc: Cope with the deprecation of AutoReporter\n (bsc#1051510).\n\n - Documentation/ABI: Document umwait control sysfs\n interfaces (jsc#SLE-5187).\n\n - Documentation: DMA-API: fix a function name of\n max_mapping_size (bsc#1140954).\n\n - Do not restrict NFSv4.2 on openSUSE (bsc#1138719).\n\n - driver core: Establish order of operations for\n device_add and device_del via bitflag (bsc#1106383).\n\n - driver core: Probe devices asynchronously instead of the\n driver (bsc#1106383).\n\n - drivers/base/devres: introduce devm_release_action()\n (bsc#1103992).\n\n - drivers/base/devres: introduce devm_release_action()\n (bsc#1103992 FATE#326009).\n\n - drivers/base: Introduce kill_device() (bsc#1139865).\n\n - drivers/base: kABI fixes for struct device_private\n (bsc#1106383).\n\n - drivers: depend on HAS_IOMEM for\n devm_platform_ioremap_resource() (bsc#1136333\n jsc#SLE-4994).\n\n - drivers: fix a typo in the kernel doc for\n devm_platform_ioremap_resource() (bsc#1136333\n jsc#SLE-4994).\n\n - Drivers: misc: fix out-of-bounds access in function\n param_set_kgdbts_var (bsc#1051510).\n\n - drivers: provide devm_platform_ioremap_resource()\n (bsc#1136333 jsc#SLE-4994).\n\n - drivers/rapidio/devices/rio_mport_cdev.c: fix resource\n leak in error handling path in 'rio_dma_transfer()'\n (bsc#1051510).\n\n - drivers/rapidio/rio_cm.c: fix potential oops in\n riocm_ch_listen() (bsc#1051510).\n\n - drivers: thermal: tsens: Do not print error message on\n -EPROBE_DEFER (bsc#1051510).\n\n - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE\n (bsc#1051510).\n\n - drm/amd/powerplay: use hardware fan control if no\n powerplay fan table (bsc#1111666).\n\n - drm/arm/hdlcd: Actually validate CRTC modes\n (bsc#1111666).\n\n - drm/arm/hdlcd: Allow a bit of clock tolerance\n (bsc#1051510).\n\n - drm/arm/mali-dp: Add a loop around the second set CVAL\n and try 5 times (bsc#1111666).\n\n - drm/etnaviv: add missing failure path to destroy\n suballoc (bsc#1111666).\n\n - drm/fb-helper: generic: Do not take module ref for fbcon\n (bsc#1111666).\n\n - drm: Fix drm_release() and device unplug (bsc#1111666).\n\n - drm/i915: Add new AML_ULX support list (jsc#SLE-4986).\n\n - drm/i915: Add new ICL PCI ID (jsc#SLE-4986).\n\n - drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).\n\n - drm/i915: Apply correct ddi translation table for AML\n device (jsc#SLE-4986).\n\n - drm/i915: Attach the pci match data to the device upon\n creation (jsc#SLE-4986).\n\n - drm/i915/cfl: Adding another PCI Device ID\n (jsc#SLE-4986).\n\n - drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).\n\n - drm/i915/dmc: protect against reading random memory\n (bsc#1051510).\n\n - drm/i915: Fix uninitialized mask in\n intel_device_info_subplatform_init (jsc#SLE-4986).\n\n - drm/i915/gvt: ignore unexpected pvinfo write\n (bsc#1051510).\n\n - drm/i915/icl: Adding few more device IDs for Ice Lake\n (jsc#SLE-4986).\n\n - drm/i915: Introduce concept of a sub-platform\n (jsc#SLE-4986).\n\n - drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).\n\n - drm/i915: Move final cleanup of drm_i915_private to\n i915_driver_destroy (jsc#SLE-4986).\n\n - drm/i915: Remove redundant device id from IS_IRONLAKE_M\n macro (jsc#SLE-4986).\n\n - drm/i915: Split Pineview device info into desktop and\n mobile (jsc#SLE-4986).\n\n - drm/i915: Split some PCI ids into separate groups\n (jsc#SLE-4986).\n\n - drm/i915: start moving runtime device info to a separate\n struct (jsc#SLE-4986).\n\n - drm/imx: notify drm core before sending event during\n crtc disable (bsc#1111666).\n\n - drm/imx: only send event on crtc disable if kept\n disabled (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add quirk for GPD MicroPC\n (bsc#1111666).\n\n - drm: panel-orientation-quirks: Add quirk for GPD pocket2\n (bsc#1111666).\n\n - drm/vmwgfx: fix a warning due to missing dma_parms\n (bsc#1111666).\n\n - drm/vmwgfx: Use the backdoor port if the HB port is not\n available (bsc#1111666).\n\n - EDAC/mc: Fix edac_mc_find() in case no device is found\n (bsc#1114279).\n\n - ext4: do not delete unlinked inode from orphan list on\n failed truncate (bsc#1140891).\n\n - failover: allow name change on IFF_UP slave interfaces\n (bsc#1109837).\n\n - fs: hugetlbfs: fix hwpoison reserve accounting\n (bsc#1139712) \n\n - fs/ocfs2: fix race in ocfs2_dentry_attach_lock()\n (bsc#1140889).\n\n - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference\n (bsc#1140887).\n\n - fs/proc/proc_sysctl.c: fix NULL pointer dereference in\n put_links (bsc#1140887).\n\n - ftrace/x86: Remove possible deadlock between\n register_kprobe() and ftrace_run_update_code()\n (bsc#1071995).\n\n - ftrace/x86: Remove possible deadlock between\n register_kprobe() and ftrace_run_update_code()\n (bsc#1071995 fate#323487).\n\n - genirq: Prevent use-after-free and work list corruption\n (bsc#1051510).\n\n - genirq: Respect IRQCHIP_SKIP_SET_WAKE in\n irq_chip_set_wake_parent() (bsc#1051510).\n\n - genwqe: Prevent an integer overflow in the ioctl\n (bsc#1051510).\n\n - gpio: omap: fix lack of irqstatus_raw0 for OMAP4\n (bsc#1051510).\n\n - hugetlbfs: dirty pages as they are added to pagecache\n (git fixes (mm/hugetlbfs)).\n\n - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!\n (git fixes (mm/hugetlbfs)).\n\n - hwmon/coretemp: Cosmetic: Rename internal variables to\n zones from packages (jsc#SLE-5454).\n\n - hwmon/coretemp: Support multi-die/package\n (jsc#SLE-5454).\n\n - hwmon: (k10temp) 27C Offset needed for Threadripper2\n (FATE#327735).\n\n - hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).\n\n - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega\n graphics (FATE#327735).\n\n - hwmon: (k10temp) Add support for family 17h\n (FATE#327735).\n\n - hwmon: (k10temp) Add support for Stoney Ridge and\n Bristol Ridge CPUs (FATE#327735).\n\n - hwmon: (k10temp) Add support for temperature offsets\n (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 1900X\n (FATE#327735).\n\n - hwmon: (k10temp) Add temperature offset for Ryzen 2700X\n (FATE#327735).\n\n - hwmon: (k10temp) Correct model name for Ryzen 1600X\n (FATE#327735).\n\n - hwmon: (k10temp) Display both Tctl and Tdie\n (FATE#327735).\n\n - hwmon: (k10temp) Fix reading critical temperature\n register (FATE#327735).\n\n - hwmon: (k10temp) Make function get_raw_temp static\n (FATE#327735).\n\n - hwmon: (k10temp) Move chip specific code into probe\n function (FATE#327735).\n\n - hwmon: (k10temp) Only apply temperature offset if result\n is positive (FATE#327735).\n\n - hwmon: (k10temp) Support all Family 15h Model 6xh and\n Model 7xh processors (FATE#327735).\n\n - hwmon: k10temp: Support Threadripper 2920X, 2970WX;\n simplify offset table (FATE#327735).\n\n - hwmon: (k10temp) Use API function to access System\n Management Network (FATE#327735).\n\n - hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs\n (FATE#327735).\n\n - i2c: acorn: fix i2c warning (bsc#1135642).\n\n - i2c: mlxcpld: Add support for extended transaction\n length for i2c-mlxcpld (bsc#1112374).\n\n - i2c: mlxcpld: Add support for smbus block read\n transaction (bsc#1112374).\n\n - i2c: mlxcpld: Allow configurable adapter id for mlxcpld\n (bsc#1112374).\n\n - i2c: mlxcpld: Fix adapter functionality support callback\n (bsc#1112374).\n\n - i2c: mlxcpld: Fix wrong initialization order in probe\n (bsc#1112374).\n\n - i2c: mux: mlxcpld: simplify code to reach the adapter\n (bsc#1112374).\n\n - i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).\n\n - IB/hfi1: Clear the IOWAIT pending bits when QP is put\n into error state (bsc#1114685 FATE#325854).\n\n - IB/hfi1: Create inline to get extended headers\n (bsc#1114685 FATE#325854).\n\n - IB/hfi1: Validate fault injection opcode user input\n (bsc#1114685 FATE#325854).\n\n - IB/mlx5: Verify DEVX general object type correctly\n (bsc#1103991 FATE#326007).\n\n - ibmveth: Update ethtool settings to reflect virtual\n properties (bsc#1136157, LTC#177197).\n\n - input: synaptics - enable SMBus on ThinkPad E480 and\n E580 (bsc#1051510).\n\n - input: uinput - add compat ioctl number translation for\n UI_*_FF_UPLOAD (bsc#1051510).\n\n - iommu/amd: Make iommu_disable safer (bsc#1140955).\n\n - iommu/arm-smmu: Add support for qcom,smmu-v2 variant\n (bsc#1051510).\n\n - iommu/arm-smmu: Avoid constant zero in TLBI writes\n (bsc#1140956).\n\n - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes\n (bsc#1111666).\n\n - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer\n register (bsc#1051510).\n\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons\n pointer (bsc#1051510).\n\n - iommu: Fix a leak in iommu_insert_resv_region\n (bsc#1140957).\n\n - iommu: Use right function to get group for device\n (bsc#1140958).\n\n - iommu/vt-d: Duplicate iommu_resv_region objects per\n device list (bsc#1140959).\n\n - iommu/vt-d: Handle PCI bridge RMRR device scopes in\n intel_iommu_get_resv_regions (bsc#1140960).\n\n - iommu/vt-d: Handle RMRR with PCI bridge device scopes\n (bsc#1140961).\n\n - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper\n (bsc#1140962).\n\n - iommu/vt-d: Remove unnecessary rcu_read_locks\n (bsc#1140964).\n\n - iov_iter: Fix build error without CONFIG_CRYPTO\n (bsc#1111666).\n\n - ipv6: fib: Do not assume only nodes hold a reference on\n routes (bsc#1138732).\n\n - irqchip/gic-v3-its: fix some definitions of inner\n cacheability attributes (bsc#1051510).\n\n - irqchip/mbigen: Do not clear eventid when freeing an MSI\n (bsc#1051510).\n\n - ixgbe: Avoid NULL pointer dereference with VF on\n non-IPsec hw (bsc#1140228).\n\n - kabi fixup blk_mq_register_dev() (bsc#1140637).\n\n - kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803\n FATE#327056).\n\n - kabi workaround for asus-wmi changes (bsc#1051510).\n\n - kabi: x86/topology: Add CPUID.1F multi-die/package\n support (jsc#SLE-5454).\n\n - kabi: x86/topology: Define topology_logical_die_id()\n (jsc#SLE-5454).\n\n - kvm: svm/avic: fix off-by-one in checking host APIC ID\n (bsc#1140971).\n\n - kvm: x86: fix return value for reserved EFER\n (bsc#1140992).\n\n - kvm: x86: Include CPUID leaf 0x8000001e in kvm's\n supported CPUID (bsc#1114279).\n\n - kvm: x86: Include multiple indices with CPUID leaf\n 0x8000001d (bsc#1114279).\n\n - kvm: x86: Skip EFER vs. guest CPUID checks for\n host-initiated writes (bsc#1140972).\n\n - libata: Extend quirks for the ST1000LM024 drives with\n NOLPM quirk (bsc#1051510).\n\n - libceph: assign cookies in linger_submit()\n (bsc#1135897).\n\n - libceph: check reply num_data_items in\n setup_request_data() (bsc#1135897).\n\n - libceph: do not consume a ref on pagelist in\n ceph_msg_data_add_pagelist() (bsc#1135897).\n\n - libceph: enable fallback to ceph_msg_new() in\n ceph_msgpool_get() (bsc#1135897).\n\n - libceph: introduce alloc_watch_request() (bsc#1135897).\n\n - libceph: introduce ceph_pagelist_alloc() (bsc#1135897).\n\n - libceph: preallocate message data items (bsc#1135897).\n\n - libceph, rbd: add error handling for\n osd_req_op_cls_init() (bsc#1135897). This feature was\n requested for SLE15 but aws reverted in packaging and\n master.\n\n - libceph, rbd, ceph: move ceph_osdc_alloc_messages()\n calls (bsc#1135897).\n\n - libnvdimm/bus: Prevent duplicate device_unregister()\n calls (bsc#1139865).\n\n - libnvdimm, pfn: Fix over-trim in trim_pfn_device()\n (bsc#1140719).\n\n - mac80211: Do not use stack memory with scatterlist for\n GMAC (bsc#1051510).\n\n - mac80211: drop robust management frames from unknown TA\n (bsc#1051510).\n\n - mac80211: handle deauthentication/disassociation from\n TDLS peer (bsc#1051510).\n\n - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510).\n\n - mfd: hi655x: Fix regmap area declared size for hi655x\n (bsc#1051510).\n\n - mISDN: make sure device name is NUL terminated\n (bsc#1051510).\n\n - mlxsw: core: Add API for QSFP module temperature\n thresholds reading (bsc#1112374).\n\n - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD\n workqueue (bsc#1112374).\n\n - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context\n warning (bsc#1112374).\n\n - mlxsw: core: Move ethtool module callbacks to a common\n location (bsc#1112374).\n\n - mlxsw: core: Prevent reading unsupported slave address\n from SFP EEPROM (bsc#1112374).\n\n - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374).\n\n - mlxsw: reg: Add Management Temperature Bulk Register\n (bsc#1112374).\n\n - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374).\n\n - mlxsw: spectrum: Move QSFP EEPROM definitions to common\n location (bsc#1112374).\n\n - mlxsw: spectrum: Put MC TCs into DWRR mode\n (bsc#1112374).\n\n - mmc: core: complete HS400 before checking status\n (bsc#1111666).\n\n - mmc: core: Prevent processing SDIO IRQs when the card is\n suspended (bsc#1051510).\n\n - mm/devm_memremap_pages: introduce devm_memunmap_pages\n (bsc#1103992 FATE#326009).\n\n - mm: fix race on soft-offlining free huge pages\n (bsc#1139712). \n\n - mm: hugetlb: delete dequeue_hwpoisoned_huge_page()\n (bsc#1139712). \n\n - mm: hugetlb: prevent reuse of hwpoisoned free hugepages\n (bsc#1139712). \n\n - mm: hugetlb: soft-offline: dissolve_free_huge_page()\n return zero on !PageHuge (bsc#bsc#1139712). \n\n - mm: hugetlb: soft-offline: dissolve source hugepage\n after successful migration (bsc#1139712). \n\n - mm: hugetlb: soft_offline: save compound page order\n before page migration (bsc#1139712) \n\n - mm: hwpoison: change PageHWPoison behavior on hugetlb\n pages (bsc#1139712). \n\n - mm: hwpoison: dissolve in-use hugepage in unrecoverable\n memory error (bsc#1139712). \n\n - mm: hwpoison: introduce idenfity_page_state\n (bsc#1139712). \n\n - mm: hwpoison: introduce memory_failure_hugetlb()\n (bsc#1139712). \n\n - mm/page_alloc.c: avoid potential NULL pointer\n dereference (git fixes (mm/pagealloc)).\n\n - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag\n (git fixes (mm/pagealloc)).\n\n - mm: soft-offline: close the race against page allocation\n (bsc#1139712). \n\n - mm: soft-offline: dissolve free hugepage if\n soft-offlined (bsc#1139712). \n\n - mm: soft-offline: return -EBUSY if\n set_hwpoison_free_buddy_page() fails (bsc#1139712). \n\n - mm/vmscan.c: prevent useless kswapd loops (git fixes\n (mm/vmscan)).\n\n - module: Fix livepatch/ftrace module text permissions\n race (bsc#1071995 fate#323487).\n\n - net: core: support XDP generic on stacked devices\n (bsc#1109837).\n\n - net: do not clear sock->sk early to avoid trouble in\n strparser (bsc#1103990 FATE#326006).\n\n - net: ena: add ethtool function for changing io queue\n sizes (bsc#1138879).\n\n - net: ena: add good checksum counter (bsc#1138879).\n\n - net: ena: add handling of llq max tx burst size\n (bsc#1138879).\n\n - net: ena: add MAX_QUEUES_EXT get feature admin command\n (bsc#1138879).\n\n - net: ena: add newline at the end of pr_err prints\n (bsc#1138879).\n\n - net: ena: add support for changing max_header_size in\n LLQ mode (bsc#1138879).\n\n - net: ena: allow automatic fallback to polling mode\n (bsc#1138879).\n\n - net: ena: allow queue allocation backoff when low on\n memory (bsc#1138879).\n\n - net: ena: arrange ena_probe() function variables in\n reverse christmas tree (bsc#1138879).\n\n - net: ena: enable negotiating larger Rx ring size\n (bsc#1138879).\n\n - net: ena: ethtool: add extra properties retrieval via\n get_priv_flags (bsc#1138879).\n\n - net: ena: Fix bug where ring allocation backoff stopped\n too late (bsc#1138879).\n\n - net: ena: fix ena_com_fill_hash_function()\n implementation (bsc#1138879).\n\n - net: ena: fix: Free napi resources when ena_up() fails\n (bsc#1138879).\n\n - net: ena: fix incorrect test of supported hash function\n (bsc#1138879).\n\n - net: ena: fix: set freed objects to NULL to avoid\n failing future allocations (bsc#1138879).\n\n - net: ena: fix swapped parameters when calling\n ena_com_indirect_table_fill_entry (bsc#1138879).\n\n - net: ena: gcc 8: fix compilation warning (bsc#1138879).\n\n - net: ena: improve latency by disabling adaptive\n interrupt moderation by default (bsc#1138879).\n\n - net: ena: make ethtool show correct current and max\n queue sizes (bsc#1138879).\n\n - net: ena: optimise calculations for CQ doorbell\n (bsc#1138879).\n\n - net: ena: remove inline keyword from functions in *.c\n (bsc#1138879).\n\n - net: ena: replace free_tx/rx_ids union with single\n free_ids field in ena_ring (bsc#1138879).\n\n - net: ena: update driver version from 2.0.3 to 2.1.0\n (bsc#1138879).\n\n - net: ena: use dev_info_once instead of static variable\n (bsc#1138879).\n\n - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param\n set (bsc#1130836).\n\n - net: Fix missing meta data in skb with vlan packet\n (bsc#1109837).\n\n - net/mlx5: Avoid reloading already removed devices\n (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Fix ethtool rxfh commands when\n CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990\n FATE#326006).\n\n - net/mlx5e: Fix the max MTU check in case of XDP\n (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Fix use-after-free after xdp_return_frame\n (bsc#1103990 FATE#326006).\n\n - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990\n FATE#326006).\n\n - net/mlx5e: Rx, Fixup skb checksum for packets with tail\n padding (bsc#1109837).\n\n - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap\n (bsc#1103990 FATE#326006).\n\n - net/mlx5: FPGA, tls, hold rcu read lock a bit longer\n (bsc#1103990 FATE#326006).\n\n - net/mlx5: FPGA, tls, idr remove on flow delete\n (bsc#1103990 FATE#326006).\n\n - net/mlx5: Set completion EQs as shared resources\n (bsc#1103991 FATE#326007).\n\n - net/mlx5: Update pci error handler entries and command\n translation (bsc#1103991 FATE#326007).\n\n - net: mvpp2: prs: Fix parser range for VID filtering\n (bsc#1098633).\n\n - net: mvpp2: prs: Use the correct helpers when removing\n all VID filters (bsc#1098633).\n\n - net: mvpp2: Use strscpy to handle stat strings\n (bsc#1098633).\n\n - net: phy: marvell10g: report if the PHY fails to boot\n firmware (bsc#1119113 FATE#326472).\n\n - net/sched: cbs: Fix error path of cbs_module_init\n (bsc#1109837).\n\n - net/sched: cbs: fix port_rate miscalculation\n (bsc#1109837).\n\n - net/tls: avoid NULL pointer deref on nskb->sk in\n fallback (bsc#1109837).\n\n - net/tls: avoid potential deadlock in\n tls_set_device_offload_rx() (bsc#1109837).\n\n - net: tls, correctly account for copied bytes with\n multiple sk_msgs (bsc#1109837).\n\n - net/tls: do not copy negative amounts of data in\n reencrypt (bsc#1109837).\n\n - net/tls: do not ignore netdev notifications if no TLS\n features (bsc#1109837).\n\n - net/tls: do not leak IV and record seq when offload\n fails (bsc#1109837).\n\n - net/tls: do not leak partially sent record in device\n mode (bsc#1109837).\n\n - net/tls: fix build without CONFIG_TLS_DEVICE\n (bsc#1109837).\n\n - net/tls: fix copy to fragments in reencrypt\n (bsc#1109837).\n\n - net/tls: fix page double free on TX cleanup\n (bsc#1109837).\n\n - net/tls: fix refcount adjustment in fallback\n (bsc#1109837).\n\n - net/tls: fix state removal with feature flags off\n (bsc#1109837).\n\n - net/tls: fix the IV leaks (bsc#1109837).\n\n - net/tls: prevent bad memory access in\n tls_is_sk_tx_device_offloaded() (bsc#1109837).\n\n - net/tls: replace the sleeping lock around RX resync with\n a bit lock (bsc#1109837).\n\n - net/udp_gso: Allow TX timestamp with UDP GSO\n (bsc#1109837).\n\n - new primitive: vmemdup_user() (jsc#SLE-4712\n bsc#1136156).\n\n - nfit/ars: Allow root to busy-poll the ARS state machine\n (bsc#1140814).\n\n - nfit/ars: Avoid stale ARS results (jsc#SLE-5433).\n\n - nfit/ars: Introduce scrub_flags (jsc#SLE-5433).\n\n - nfp: bpf: fix static check error through tightening\n shift amount adjustment (bsc#1109837).\n\n - nfp: flower: add rcu locks when accessing netdev for\n tunnels (bsc#1109837).\n\n - nl80211: fix station_info pertid memory leak\n (bsc#1051510).\n\n - ntp: Allow TAI-UTC offset to be set to zero\n (bsc#1135642).\n\n - nvme: copy MTFA field from identify controller\n (bsc#1140715).\n\n - nvme-rdma: fix double freeing of async event data\n (bsc#1120423).\n\n - nvme-rdma: fix possible double free of controller async\n event buffer (bsc#1120423).\n\n - ocfs2: try to reuse extent block in dealloc without\n meta_alloc (bsc#1128902).\n\n - pci: Disable VF decoding before pcibios_sriov_disable()\n updates resources (jsc#SLE-5803).\n\n - pci: Disable VF decoding before pcibios_sriov_disable()\n updates resources (jsc#SLE-5803 FATE#327056).\n\n - pci: Do not poll for PME if the device is in D3cold\n (bsc#1051510).\n\n - pci/IOV: Add flag so platforms can skip VF scanning\n (jsc#SLE-5803).\n\n - pci/IOV: Add flag so platforms can skip VF scanning\n (jsc#SLE-5803 FATE#327056).\n\n - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803).\n\n - pci/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803\n FATE#327056).\n\n - pci/P2PDMA: fix the gen_pool_add_virt() failure path\n (bsc#1103992).\n\n - pci/P2PDMA: fix the gen_pool_add_virt() failure path\n (bsc#1103992 FATE#326009).\n\n - pci: PM: Skip devices in D0 for suspend-to-idle\n (bsc#1051510).\n\n - pci: rpadlpar: Fix leaked device_node references in\n add/remove paths (bsc#1051510).\n\n - perf/x86/intel/cstate: Support multi-die/package\n (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Cosmetic rename internal variables\n in response to multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/rapl: Support multi-die/package\n (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Cosmetic renames in response to\n multi-die/pkg support (jsc#SLE-5454).\n\n - perf/x86/intel/uncore: Support multi-die/package\n (jsc#SLE-5454).\n\n - pinctrl/amd: add get_direction handler (bsc#1140463).\n\n - pinctrl/amd: fix gpio irq level in debugfs\n (bsc#1140463).\n\n - pinctrl/amd: fix masking of GPIO interrupts\n (bsc#1140463).\n\n - pinctrl/amd: make functions amd_gpio_suspend and\n amd_gpio_resume static (bsc#1140463).\n\n - pinctrl/amd: poll InterruptEnable bits in\n amd_gpio_irq_set_type (bsc#1140463).\n\n - pinctrl/amd: poll InterruptEnable bits in enable_irq\n (bsc#1140463).\n\n - platform_data/mlxreg: Add capability field to core\n platform data (bsc#1112374).\n\n - platform_data/mlxreg: additions for Mellanox watchdog\n driver (bsc#1112374).\n\n - platform_data/mlxreg: Document fixes for core platform\n data (bsc#1112374).\n\n - platform/mellanox: Add new ODM system types to\n mlx-platform (bsc#1112374).\n\n - platform/mellanox: Add TmFifo driver for Mellanox\n BlueField Soc (bsc#1136333 jsc#SLE-4994).\n\n - platform/x86: asus-wmi: Only Tell EC the OS will handle\n display hotkeys from asus_nb_wmi (bsc#1051510).\n\n - platform/x86: mlx-platform: Add ASIC hotplug device\n configuration (bsc#1112374).\n\n - platform/x86: mlx-platform: Add definitions for new\n registers (bsc#1112374).\n\n - platform/x86: mlx-platform: Add extra CPLD for next\n generation systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Add LED platform driver\n activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlxreg-fan platform\n driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlxreg-io platform\n driver activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add mlx-wdt platform driver\n activation (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for fan\n capability registers (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for fan\n direction register (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for new VMOD0007\n board name (bsc#1112374).\n\n - platform/x86: mlx-platform: Add support for tachometer\n speed register (bsc#1112374).\n\n - platform/x86: mlx-platform: Add UID LED for the next\n generation systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Allow mlxreg-io driver\n activation for more systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Allow mlxreg-io driver\n activation for new systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Change mlxreg-io\n configuration for MSN274x systems (bsc#1112374).\n\n - platform/x86: mlx-platform: Convert to use SPDX\n identifier (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix access mode for fan_dir\n attribute (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix copy-paste error in\n mlxplat_init() (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix LED configuration\n (bsc#1112374).\n\n - platform/x86: mlx-platform: Fix tachometer registers\n (bsc#1112374).\n\n - platform/x86: mlx-platform: Remove unused define\n (bsc#1112374).\n\n - platform/x86: mlx-platform: Rename new systems product\n names (bsc#1112374).\n\n - PM: ACPI/PCI: Resume all devices during hibernation\n (bsc#1111666).\n\n - powercap/intel_rapl: Simplify rapl_find_package()\n (jsc#SLE-5454).\n\n - powercap/intel_rapl: Support multi-die/package\n (jsc#SLE-5454).\n\n - powercap/intel_rapl: Update RAPL domain name and debug\n messages (jsc#SLE-5454).\n\n - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to\n power9 event list (bsc#1137728, LTC#178106).\n\n - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and\n PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106).\n\n - powerpc/rtas: retry when cpu offline races with\n suspend/migration (bsc#1140428, LTC#178808).\n\n - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159).\n\n - ppp: mppe: Add softdep to arc4 (bsc#1088047).\n\n - ptrace: Fix -$gt;ptracer_cred handling for\n PTRACE_TRACEME (git-fixes).\n\n - ptrace: restore smp_rmb() in __ptrace_may_access()\n (git-fixes).\n\n - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666).\n\n - qedi: Use hwfns and affin_hwfn_idx to get MSI-X vector\n index (jsc#SLE-4693 bsc#1136462).\n\n - qmi_wwan: add network device usage statistics for qmimux\n devices (bsc#1051510).\n\n - qmi_wwan: add support for QMAP padding in the RX path\n (bsc#1051510).\n\n - qmi_wwan: avoid RCU stalls on device disconnect when in\n QMAP mode (bsc#1051510).\n\n - qmi_wwan: extend permitted QMAP mux_id value range\n (bsc#1051510).\n\n - qmi_wwan: Fix out-of-bounds read (bsc#1111666).\n\n - rapidio: fix a NULL pointer dereference when\n create_workqueue() fails (bsc#1051510).\n\n - RAS/CEC: Convert the timer callback to a workqueue\n (bsc#1114279).\n\n - RAS/CEC: Fix binary search function (bsc#1114279).\n\n - rbd: do not assert on writes to snapshots (bsc#1137985\n bsc#1138681).\n\n - rdma/ipoib: Allow user space differentiate between valid\n dev_port (bsc#1103992).\n\n - rdma/ipoib: Allow user space differentiate between valid\n dev_port (bsc#1103992 FATE#326009).\n\n - rdma/mlx5: Do not allow the user to write to the clock\n page (bsc#1103991).\n\n - rdma/mlx5: Do not allow the user to write to the clock\n page (bsc#1103991 FATE#326007).\n\n - rdma/mlx5: Initialize roce port info before multiport\n master init (bsc#1103991).\n\n - rdma/mlx5: Initialize roce port info before multiport\n master init (bsc#1103991 FATE#326007).\n\n - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages\n (bsc#1103992).\n\n - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages\n (bsc#1103992 FATE#326009).\n\n - Refresh\n patches.fixes/scsi-Introduce-scsi_start_queue.patch\n (bsc#1119532).\n\n - regulator: s2mps11: Fix buck7 and buck8 wrong voltages\n (bsc#1051510).\n\n - Replace the bluetooth fix with the upstream commit\n (bsc#1135556)\n\n - Reshuffle patches to match series_sort.py\n\n - Revert 'net: ena: ethtool: add extra properties\n retrieval via get_priv_flags' (bsc#1138879).\n\n - Revert 'net/mlx5e: Enable reporting checksum unnecessary\n also for L3 packets' (bsc#1103990).\n\n - Revert 'net/mlx5e: Enable reporting checksum unnecessary\n also for L3 packets' (bsc#1103990 FATE#326006).\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP\n template ()''\n\n - Revert 'Revert 'Drop multiversion(kernel) from the KMP\n template (fate#323189)\n\n - Revert 's390/jump_label: Use 'jdd' constraint on gcc9\n (bsc#1138589).' This broke the build with older gcc\n instead.\n\n - Revert 'Sign non-x86 kernels when possible\n (boo#1134303)' This reverts commit\n bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have\n reports of this working with all ARM architectures in\n all cases (boot, kexec, ..) so revert for now.\n\n - Revert 'svm: Fix AVIC incomplete IPI emulation'\n (bsc#1140133).\n\n - rpm/package-descriptions: fix typo in kernel-azure\n\n - rpm/post.sh: correct typo in err msg (bsc#1137625)\n\n - s390/dasd: fix using offset into zero size array error\n (bsc#1051510).\n\n - s390/jump_label: Use 'jdd' constraint on gcc9\n (bsc#1138589).\n\n - s390/pci: improve bar check (jsc#SLE-5803).\n\n - s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).\n\n - s390/pci: map IOV resources (jsc#SLE-5803).\n\n - s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).\n\n - s390/pci: skip VF scanning (jsc#SLE-5803).\n\n - s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).\n\n - s390/qeth: fix race when initializing the IP address\n table (bsc#1051510).\n\n - s390/qeth: fix VLAN attribute in bridge_hostnotify udev\n event (bsc#1051510).\n\n - s390/setup: fix early warning messages (bsc#1051510).\n\n - s390/virtio: handle find on invalid queue gracefully\n (bsc#1051510).\n\n - sbitmap: fix improper use of smp_mb__before_atomic()\n (bsc#1140658).\n\n - sched/topology: Improve load balancing on AMD EPYC\n (bsc#1137366).\n\n - scripts/git_sort/git_sort.py: add djbw/nvdimm\n nvdimm-pending.\n\n - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes\n\n - scripts/git_sort/git_sort.py: drop old scsi branches\n\n - scsi: aacraid: change event_wait to a completion\n (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: change wait_sem to a completion\n (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: clean up some indentation and formatting\n issues (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: Mark expected switch fall-through\n (jsc#SLE-4710 bsc#1136161).\n\n - scsi: aacraid: Mark expected switch fall-throughs\n (jsc#SLE-4710 bsc#1136161).\n\n - scsi: be2iscsi: be_iscsi: Mark expected switch\n fall-through (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: be_main: Mark expected switch\n fall-through (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: fix spelling mistake 'Retreiving' -gt;\n 'Retrieving' (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721\n bsc#1136264).\n\n - scsi: be2iscsi: remove unused variable dmsg\n (jsc#SLE-4721 bsc#1136264).\n\n - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721\n bsc#1136264).\n\n - scsi: core: add new RDAC LENOVO/DE_Series device\n (bsc#1132390).\n\n - scsi: csiostor: csio_wr: mark expected switch\n fall-through (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: drop serial_number usage (jsc#SLE-4679\n bsc#1136343).\n\n - scsi: csiostor: fix calls to dma_set_mask_and_coherent()\n (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix incorrect dma device in case of\n vport (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix missing data copy in\n csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: fix NULL pointer dereference in\n csio_vport_set_state() (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: no need to check return value of\n debugfs_create functions (jsc#SLE-4679 bsc#1136343).\n\n - scsi: csiostor: Remove set but not used variable 'pln'\n (jsc#SLE-4679 bsc#1136343).\n\n - scsi: hpsa: bump driver version (jsc#SLE-4712\n bsc#1136156).\n\n - scsi: hpsa: check for lv removal (jsc#SLE-4712\n bsc#1136156).\n\n - scsi: hpsa: clean up two indentation issues\n (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: correct device id issues (jsc#SLE-4712\n bsc#1136156).\n\n - scsi: hpsa: correct device resets (jsc#SLE-4712\n bsc#1136156).\n\n - scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712\n bsc#1136156).\n\n - scsi: hpsa: correct simple mode (jsc#SLE-4712\n bsc#1136156).\n\n - scsi: hpsa: fix an uninitialized read and dereference of\n pointer dev (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: mark expected switch fall-throughs\n (jsc#SLE-4712 bsc#1136156).\n\n - scsi: hpsa: remove timeout from TURs (jsc#SLE-4712\n bsc#1136156).\n\n - scsi: hpsa: switch to generic DMA API (jsc#SLE-4712\n bsc#1136156).\n\n - scsi: hpsa: Use vmemdup_user to replace the open code\n (jsc#SLE-4712 bsc#1136156).\n\n - scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in\n driver (bsc#1136271).\n\n - scsi: megaraid_sas: correct an info message\n (bsc#1136271).\n\n - scsi: megaraid_sas: driver version update (bsc#1136271).\n\n - scsi: megaraid_sas: Retry reads of outbound_intr_status\n reg (bsc#1136271).\n\n - scsi: megaraid_sas: Rework code to get PD and LD list\n (bsc#1136271).\n\n - scsi: megaraid_sas: Rework device add code in AEN path\n (bsc#1136271).\n\n - scsi: megaraid_sas: Update structures for\n HOST_DEVICE_LIST DCMD (bsc#1136271).\n\n - scsi: mpt3sas: Add Atomic RequestDescriptor support on\n Aero (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add flag high_iops_queues\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add missing breaks in switch statements\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add support for ATLAS PCIe switch\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Add support for NVMe Switch Adapter\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Affinity high iops queues IRQs to local\n node (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: change _base_get_msix_index prototype\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Enable interrupt coalescing on high iops\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: fix indentation issue\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Fix kernel panic during expander reset\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Fix typo in request_desript_type\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: function pointers of request descriptor\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Improve the threshold value and introduce\n module param (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Introduce perf_mode module parameter\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Irq poll to avoid CPU hard lockups\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Load balance to improve performance and\n avoid soft lockups (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Rename mpi endpoint device ID macro\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: save and use MSI-X index for posting RD\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: simplify interrupt handler\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update driver version to 27.102.00.00\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update driver version to 29.100.00.00\n (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Update mpt3sas driver version to\n 28.100.00.00 (bsc#1125703,jsc#SLE-4717).\n\n - scsi: mpt3sas: Use high iops queues under some\n circumstances (bsc#1125703,jsc#SLE-4717).\n\n - scsi: qedi: add module param to set ping packet size\n (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Add packet filter in light L2 Rx path\n (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Check for session online before getting\n iSCSI TLV data (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Cleanup redundant QEDI_PAGE_SIZE macro\n definition (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Fix spelling mistake 'OUSTANDING' ->\n 'OUTSTANDING' (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Move LL2 producer index processing in BH\n (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: remove set but not used variables 'cdev' and\n 'udev' (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Replace PAGE_SIZE with QEDI_PAGE_SIZE\n (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qedi: Update driver version to 8.33.0.21\n (jsc#SLE-4693 bsc#1136462).\n\n - scsi: qla2xxx: Fix abort handling in\n tcm_qla2xxx_write_pending() (bsc#1140727).\n\n - scsi: qla2xxx: Fix FC-AL connection target discovery\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix incorrect region-size setting in\n optrom SYSFS routines (bsc#1140728).\n\n - scsi: qla2xxx: Fix N2N target discovery with Local loop\n (bsc#1094555).\n\n - scsi: target/iblock: Fix overrun in WRITE SAME emulation\n (bsc#1140424).\n\n - scsi: target/iblock: Fix overrun in WRITE SAME emulation\n (bsc#1140424).\n\n - scsi: vmw_pscsi: Fix use-after-free in\n pvscsi_queue_lck() (bsc#1135296).\n\n - scsi: zfcp: fix missing zfcp_port reference put on\n -EBUSY from port_remove (bsc#1051510).\n\n - scsi: zfcp: fix rport unblock if deleted SCSI devices on\n Scsi_Host (bsc#1051510).\n\n - scsi: zfcp: fix scsi_eh host reset with port_forced ERP\n for non-NPIV FCP devices (bsc#1051510).\n\n - scsi: zfcp: fix to prevent port_remove with pure auto\n scan LUNs (only sdevs) (bsc#1051510).\n\n - signal/ptrace: Do not leak uninitialized kernel memory\n with PTRACE_PEEK_SIGINFO (git-fixes).\n\n - smb3: Fix endian warning (bsc#1137884).\n\n - soc: mediatek: pwrap: Zero initialize rdata in\n pwrap_init_cipher (bsc#1051510).\n\n - soc: rockchip: Set the proper PWM for rk3288\n (bsc#1051510).\n\n - sort patches to proper position\n\n - squash\n patches.fixes/tcp-fix-fack_count-accounting-on-tcp_shift\n _skb_data.patch into\n patches.fixes/tcp-limit-payload-size-of-sacked-skbs.patc\n h to match what stable backports do\n\n - staging: comedi: ni_mio_common: Fix divide-by-zero for\n DIO cmdtest (bsc#1051510).\n\n - staging:iio:ad7150: fix threshold mode config bit\n (bsc#1051510).\n\n - supported.conf: added mlxbf_tmfifo (bsc#1136333\n jsc#SLE-4994)\n\n - svm: Add warning message for AVIC IPI invalid target\n (bsc#1140133).\n\n - svm: Fix AVIC incomplete IPI emulation (bsc#1140133).\n\n - sysctl: handle overflow in proc_get_long (bsc#1051510).\n\n - thermal: rcar_gen3_thermal: disable interrupt in .remove\n (bsc#1051510).\n\n - thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal\n variables to zones from packages (jsc#SLE-5454).\n\n - thermal/x86_pkg_temp_thermal: Support multi-die/package\n (jsc#SLE-5454).\n\n - tmpfs: fix link accounting when a tmpfile is linked in\n (bsc#1051510).\n\n - tmpfs: fix uninitialized return value in shmem_link\n (bsc#1051510).\n\n - tools: bpftool: fix infinite loop in map create\n (bsc#1109837).\n\n - topology: Create core_cpus and die_cpus sysfs attributes\n (jsc#SLE-5454).\n\n - topology: Create package_cpus sysfs attribute\n (jsc#SLE-5454).\n\n - tracing/snapshot: Resize spare buffer if size changed\n (bsc#1140726).\n\n - tty: max310x: Fix external crystal register setup\n (bsc#1051510).\n\n - typec: tcpm: fix compiler warning about stupid things\n (git-fixes).\n\n - usb: chipidea: udc: workaround for endpoint conflict\n issue (bsc#1135642).\n\n - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam\n regression) (bsc#1135642).\n\n - usb: Fix chipmunk-like voice when using Logitech C270\n for recording audio (bsc#1051510).\n\n - usbnet: ipheth: fix racing condition (bsc#1051510).\n\n - usb: serial: fix initial-termios handling (bsc#1135642).\n\n - usb: serial: option: add support for Simcom\n SIM7500/SIM7600 RNDIS mode (bsc#1051510).\n\n - usb: serial: option: add Telit 0x1260 and 0x1261\n compositions (bsc#1051510).\n\n - usb: serial: pl2303: add Allied Telesis VT-Kit3\n (bsc#1051510).\n\n - usb: serial: pl2303: fix tranceiver suspend mode\n (bsc#1135642).\n\n - usb: usb-storage: Add new ID to ums-realtek\n (bsc#1051510).\n\n - usb: xhci: avoid NULL pointer deref when bos field is\n NULL (bsc#1135642).\n\n - vfio: ccw: only free cp on final interrupt\n (bsc#1051510).\n\n - vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).\n\n - x86/amd_nb: Add support for Raven Ridge CPUs\n (FATE#327735).\n\n - x86/CPU/AMD: Do not force the CPB cap when running under\n a hypervisor (bsc#1114279).\n\n - x86/cpufeatures: Carve out CQM features retrieval\n (jsc#SLE-5382).\n\n - x86/cpufeatures: Combine word 11 and 12 into a new\n scattered features word (jsc#SLE-5382). This changes\n definitions of some bits, but they are intended to be\n used only by the core, so hopefully, no KMP uses the\n definitions.\n\n - x86/cpufeatures: Enumerate the new AVX512 BFLOAT16\n instructions (jsc#SLE-5382).\n\n - x86/cpufeatures: Enumerate user wait instructions\n (jsc#SLE-5187).\n\n - x86/CPU/hygon: Fix phys_proc_id calculation logic for\n multi-die processors (fate#327735).\n\n - x86/mce: Fix machine_check_poll() tests for error types\n (bsc#1114279).\n\n - x86/microcode, cpuhotplug: Add a microcode loader CPU\n hotplug callback (bsc#1114279).\n\n - x86/microcode: Fix microcode hotplug state\n (bsc#1114279).\n\n - x86/microcode: Fix the ancient deprecated microcode\n loading method (bsc#1114279).\n\n - x86/mm/mem_encrypt: Disable all instrumentation for\n early SME setup (bsc#1114279).\n\n - x86/smpboot: Rename match_die() to match_pkg()\n (jsc#SLE-5454).\n\n - x86/speculation/mds: Revert CPU buffer clear on double\n fault exit (bsc#1114279).\n\n - x86/topology: Add CPUID.1F multi-die/package support\n (jsc#SLE-5454).\n\n - x86/topology: Create topology_max_die_per_package()\n (jsc#SLE-5454).\n\n - x86/topology: Define topology_die_id() (jsc#SLE-5454).\n\n - x86/topology: Define topology_logical_die_id()\n (jsc#SLE-5454).\n\n - x86/umwait: Add sysfs interface to control umwait C0.2\n state (jsc#SLE-5187).\n\n - x86/umwait: Add sysfs interface to control umwait\n maximum time (jsc#SLE-5187).\n\n - x86/umwait: Initialize umwait control values\n (jsc#SLE-5187).\n\n - xdp: check device pointer before clearing (bsc#1109837).\n\n - (nl,mac)80211: allow 4addr AP operation on crypto\n controlled devices (bsc#1051510).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1135897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140992\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:04", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4746 advisory.\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.\n (CVE-2019-12378)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL. (CVE-2019-12381)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. (CVE-2019-13631)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.\n (CVE-2019-13272)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125", "CVE-2019-11833", "CVE-2019-12378", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-13272", "CVE-2019-13631"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-4746.NASL", "href": "https://www.tenable.com/plugins/nessus/127985", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4746.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127985);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-1125\",\n \"CVE-2019-11833\",\n \"CVE-2019-12378\",\n \"CVE-2019-12381\",\n \"CVE-2019-12382\",\n \"CVE-2019-13272\",\n \"CVE-2019-13631\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0284-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0285-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0290-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4746)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-4746 advisory.\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the\n extent tree block, which might allow local users to obtain sensitive information by reading uninitialized\n data in the filesystem. (CVE-2019-11833)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel\n through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.\n (CVE-2019-12378)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel\n through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used\n if it is NULL. (CVE-2019-12381)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to\n 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a\n malicious USB device can send an HID report that triggers an out-of-bounds write during generation of\n debugging messages. (CVE-2019-13631)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the\n Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause\n a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as\n not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance\n for a NULL pointer dereference. (CVE-2019-12382)\n\n - In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the\n credentials of a process that wants to create a ptrace relationship, which allows local users to obtain\n root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops\n privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an\n object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of\n a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper\n with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.\n (CVE-2019-13272)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4746.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.4.8.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4746');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.4.8.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.4.8.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.4.8.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:04", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575)\n\nCVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP).\nWhen such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server.\nICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. (bnc#1140577)\n\nCVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead to a use-after-free. (bnc#1134395)\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.\n(bnc#1133738)\n\nCVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash).\n(bnc#1137194)\n\nCVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device() which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291)\n\nCVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-16T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1851-1) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11478", "CVE-2019-11599", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1851-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1851-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126741);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-20836\",\n \"CVE-2019-10126\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11478\",\n \"CVE-2019-11599\",\n \"CVE-2019-12456\",\n \"CVE-2019-12614\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1851-1) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: A device could have been tracked by an attacker using\nthe IP ID values the kernel produces for connection-less protocols\n(e.g., UDP and ICMP). When such traffic was sent to multiple\ndestination IP addresses, it was possible to obtain hash collisions\n(of indices to the counter array) and thereby obtain the hashing key\n(via enumeration). An attack may have been conducted by hosting a\ncrafted web page that uses WebRTC or gQUIC to force UDP traffic to\nattacker-controlled IP addresses. (bnc#1140575)\n\nCVE-2019-10639: Information Exposure (partial kernel address\ndisclosure), leading to a KASLR bypass. Specifically, it was possible\nto extract the KASLR kernel image offset using the IP ID values the\nkernel produces for connection-less protocols (e.g., UDP and ICMP).\nWhen such traffic was sent to multiple destination IP addresses, it\nwas possible to obtain hash collisions (of indices to the counter\narray) and thereby obtain the hashing key (via enumeration). This key\ncontains enough bits from a kernel address (of a static variable) so\nwhen the key is extracted (via enumeration), the offset of the kernel\nimage was exposed. This attack could have been carried out remotely,\nby the attacker forcing the target device to send UDP or ICMP (or\ncertain other) traffic to attacker-controlled IP addresses. Forcing a\nserver to send UDP traffic is trivial if the server is a DNS server.\nICMP traffic was trivial if the server answered ICMP Echo requests\n(ping). For client targets, if the target visited the attacker's web\npage, then WebRTC or gQUIC could be used to force UDP traffic to\nattacker-controlled IP addresses. (bnc#1140577)\n\nCVE-2018-20836: A race condition in smp_task_timedout() and\nsmp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead\nto a use-after-free. (bnc#1134395)\n\nCVE-2019-11599: The coredump implementation in the Linux kernel did\nnot use locking or other mechanisms to prevent vma layout or vma flags\nchanges while it runs, which allowed local users to obtain sensitive\ninformation, cause a denial of service, or possibly have unspecified\nother impact by triggering a race condition with mmget_not_zero or\nget_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,\nfs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.\n(bnc#1133738)\n\nCVE-2019-12614: An unchecked kstrdup might have allowed an attacker to\ncause denial of service (a NULL pointer dereference and system crash).\n(bnc#1137194)\n\nCVE-2019-12819: The function __mdiobus_register() in\ndrivers/net/phy/mdio_bus.c called put_device() which would trigger a\nfixed_mdio_bus_init use-after-free. This would cause a denial of\nservice. (bnc#1138291)\n\nCVE-2019-12818: The nfc_llcp_build_tlv function in\nnet/nfc/llcp_commands.c may have returned NULL. If the caller did not\ncheck for this, it would trigger a NULL pointer dereference. This\nwould cause denial of service. (bnc#1138293)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=821419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16871/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20836/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10126/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10638/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11478/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11599/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12614/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12819/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191851-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2446a209\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-1851=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-1851=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-1851=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-1851=1\n\nSUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch\nSUSE-SLE-HA-12-SP4-2019-1851=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-1851=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.12.14-95.24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-4.12.14-95.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:46", "description": "The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols.\nWhen such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575]\n\nCVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass.\nSpecifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server.\nICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577]\n\nCVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395]\n\nCVE-2019-10126: A heap-based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935]\n\nCVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.\n[bnc#1131645].\n\nCVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194]\n\nCVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a NULL pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will were lost.\n[bnc#1137103]\n\nCVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291]\n\nCVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293]\n\nCVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability.\n[bsc#1136922]\n\nCVE-2019-12380: An issue was in the EFI subsystem existed that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598]\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1829-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11599", "CVE-2019-12380", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-azure-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-extra", "p-cpe:/a:novell:suse_linux:kernel-azure-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-livepatch", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "p-cpe:/a:novell:suse_linux:kselftests-kmp-azure", "p-cpe:/a:novell:suse_linux:kselftests-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:dlm-kmp-azure", "p-cpe:/a:novell:suse_linux:dlm-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-azure", "p-cpe:/a:novell:suse_linux:gfs2-kmp-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo"], "id": "SUSE_SU-2019-1829-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126691", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1829-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126691);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-20836\",\n \"CVE-2019-10126\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11599\",\n \"CVE-2019-12380\",\n \"CVE-2019-12456\",\n \"CVE-2019-12614\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1829-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: Attackers used to be able to track the Linux kernel by\nthe IP ID values the kernel produces for connection-less protocols.\nWhen such traffic was sent to multiple destination IP addresses, it\nwas possible to obtain hash collisions (of indices to the counter\narray) and thereby obtain the hashing key (via enumeration). An attack\ncould have been conducted by hosting a crafted web page that uses\nWebRTC or gQUIC to force UDP traffic to attacker-controlled IP\naddresses. [bnc#1140575]\n\nCVE-2019-10639: The Linux kernel used to allow Information Exposure\n(partial kernel address disclosure), leading to a KASLR bypass.\nSpecifically, it was possible to extract the KASLR kernel image offset\nusing the IP ID values the kernel produces for connection-less\nprotocols. When such traffic was sent to multiple destination IP\naddresses, it was possible to obtain hash collisions (of indices to\nthe counter array) and thereby obtain the hashing key (via\nenumeration). This key contains enough bits from a kernel address (of\na static variable) so when the key was extracted (via enumeration),\nthe offset of the kernel image was exposed. This attack could be\ncarried out remotely by the attacker forcing the target device to send\nUDP or ICMP traffic to attacker-controlled IP addresses. Forcing a\nserver to send UDP traffic is trivial if the server is a DNS server.\nICMP traffic is trivial if the server answers ICMP Echo requests\n(ping). For client targets, if the target visits the attacker's web\npage, then WebRTC or gQUIC can be used to force UDP traffic to\nattacker-controlled IP addresses. [bnc#1140577]\n\nCVE-2018-20836: A race condition used to exist in smp_task_timedout()\nand smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to\na use-after-free. [bnc#1134395]\n\nCVE-2019-10126: A heap-based buffer overflow in the wireless driver\ncode was fixed. This issue might have lead to memory corruption and\npossibly other consequences. [bnc#1136935]\n\nCVE-2019-11599: The coredump implementation did not use locking or\nother mechanisms to prevent vma layout or vma flags changes while it\nran, which allowed local users to obtain sensitive information, cause\na denial of service, or possibly have unspecified other impact by\ntriggering a race condition with mmget_not_zero or get_task_mm calls.\n[bnc#1131645].\n\nCVE-2019-12614: There was an unchecked kstrdup of prop->name on\nPowerPC platforms, which allowed an attacker to cause a denial of\nservice (NULL pointer dereference and system crash). [bnc#1137194]\n\nCVE-2018-16871: A flaw was found in the NFS implementation. An\nattacker who was able to mount an exported NFS filesystem was able to\ntrigger a NULL pointer dereference by an invalid NFS sequence. This\ncould panic the machine and deny access to the NFS server. Any\noutstanding disk writes to the NFS server will were lost.\n[bnc#1137103]\n\nCVE-2019-12819: The function __mdiobus_register() used to call\nput_device(), which would trigger a fixed_mdio_bus_init use-after-free\nerror. This would cause a denial of service. [bnc#1138291]\n\nCVE-2019-12818: The nfc_llcp_build_tlv function in\nnet/nfc/llcp_commands.c may return NULL. If the caller did not check\nfor this, it could trigger a NULL pointer dereference. This would\ncause denial of service. [bnc#1138293]\n\nCVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main()\nallowed local users to cause a denial of service or possibly have\nunspecified other impact by changing the value of ioc_number between\ntwo kernel reads of that value, aka a 'double fetch' vulnerability.\n[bsc#1136922]\n\nCVE-2019-12380: An issue was in the EFI subsystem existed that\nmishandled memory allocation failures. Note, however, that all\nrelevant code runs only at boot-time, before any user processes are\nstarted. Therefore, there was no possibility for an unprivileged user\nto exploit this issue. [bnc#1136598]\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16871/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20836/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10126/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10638/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11599/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12380/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12614/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12819/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191829-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3bab832d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Public Cloud 15:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-15-2019-1829=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1829=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-livepatch-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-devel-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-extra-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-azure-livepatch-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kselftests-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-4.12.14-5.33.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"reiserfs-kmp-azure-debuginfo-4.12.14-5.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:26:32", "description": "The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols.\nWhen such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575]\n\nCVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass.\nSpecifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server.\nICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. [bnc#1140577]\n\nCVE-2018-20836: A race condition used to exist in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. [bnc#1134395]\n\nCVE-2019-10126: A heap-based buffer overflow in the wireless driver code was fixed. This issue might have lead to memory corruption and possibly other consequences. [bnc#1136935]\n\nCVE-2019-11599: The coredump implementation did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.\n[bnc#1131645].\n\nCVE-2019-12614: There was an unchecked kstrdup of prop->name on PowerPC platforms, which allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). [bnc#1137194]\n\nCVE-2018-16871: A flaw was found in the NFS implementation. An attacker who was able to mount an exported NFS filesystem was able to trigger a NULL pointer dereference by an invalid NFS sequence. This could panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will were lost.\n[bnc#1137103]\n\nCVE-2019-12819: The function __mdiobus_register() used to call put_device(), which would trigger a fixed_mdio_bus_init use-after-free error. This would cause a denial of service. [bnc#1138291]\n\nCVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it could trigger a NULL pointer dereference. This would cause denial of service. [bnc#1138293]\n\nCVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability.\n[bsc#1136922]\n\nCVE-2019-12380: An issue was in the EFI subsystem existed that mishandled memory allocation failures. Note, however, that all relevant code runs only at boot-time, before any user processes are started. Therefore, there was no possibility for an unprivileged user to exploit this issue. [bnc#1136598]\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-07-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1855-1) (SACK Slowness)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11478", "CVE-2019-11599", "CVE-2019-12380", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1855-1.NASL", "href": "https://www.tenable.com/plugins/nessus/126744", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1855-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126744);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-20836\",\n \"CVE-2019-10126\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11478\",\n \"CVE-2019-11599\",\n \"CVE-2019-12380\",\n \"CVE-2019-12456\",\n \"CVE-2019-12614\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0456\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1855-1) (SACK Slowness)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-10638: Attackers used to be able to track the Linux kernel by\nthe IP ID values the kernel produces for connection-less protocols.\nWhen such traffic was sent to multiple destination IP addresses, it\nwas possible to obtain hash collisions (of indices to the counter\narray) and thereby obtain the hashing key (via enumeration). An attack\ncould have been conducted by hosting a crafted web page that uses\nWebRTC or gQUIC to force UDP traffic to attacker-controlled IP\naddresses. [bnc#1140575]\n\nCVE-2019-10639: The Linux kernel used to allow Information Exposure\n(partial kernel address disclosure), leading to a KASLR bypass.\nSpecifically, it was possible to extract the KASLR kernel image offset\nusing the IP ID values the kernel produces for connection-less\nprotocols. When such traffic was sent to multiple destination IP\naddresses, it was possible to obtain hash collisions (of indices to\nthe counter array) and thereby obtain the hashing key (via\nenumeration). This key contains enough bits from a kernel address (of\na static variable) so when the key was extracted (via enumeration),\nthe offset of the kernel image was exposed. This attack could be\ncarried out remotely by the attacker forcing the target device to send\nUDP or ICMP traffic to attacker-controlled IP addresses. Forcing a\nserver to send UDP traffic is trivial if the server is a DNS server.\nICMP traffic is trivial if the server answers ICMP Echo requests\n(ping). For client targets, if the target visits the attacker's web\npage, then WebRTC or gQUIC can be used to force UDP traffic to\nattacker-controlled IP addresses. [bnc#1140577]\n\nCVE-2018-20836: A race condition used to exist in smp_task_timedout()\nand smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to\na use-after-free. [bnc#1134395]\n\nCVE-2019-10126: A heap-based buffer overflow in the wireless driver\ncode was fixed. This issue might have lead to memory corruption and\npossibly other consequences. [bnc#1136935]\n\nCVE-2019-11599: The coredump implementation did not use locking or\nother mechanisms to prevent vma layout or vma flags changes while it\nran, which allowed local users to obtain sensitive information, cause\na denial of service, or possibly have unspecified other impact by\ntriggering a race condition with mmget_not_zero or get_task_mm calls.\n[bnc#1131645].\n\nCVE-2019-12614: There was an unchecked kstrdup of prop->name on\nPowerPC platforms, which allowed an attacker to cause a denial of\nservice (NULL pointer dereference and system crash). [bnc#1137194]\n\nCVE-2018-16871: A flaw was found in the NFS implementation. An\nattacker who was able to mount an exported NFS filesystem was able to\ntrigger a NULL pointer dereference by an invalid NFS sequence. This\ncould panic the machine and deny access to the NFS server. Any\noutstanding disk writes to the NFS server will were lost.\n[bnc#1137103]\n\nCVE-2019-12819: The function __mdiobus_register() used to call\nput_device(), which would trigger a fixed_mdio_bus_init use-after-free\nerror. This would cause a denial of service. [bnc#1138291]\n\nCVE-2019-12818: The nfc_llcp_build_tlv function in\nnet/nfc/llcp_commands.c may return NULL. If the caller did not check\nfor this, it could trigger a NULL pointer dereference. This would\ncause denial of service. [bnc#1138293]\n\nCVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main()\nallowed local users to cause a denial of service or possibly have\nunspecified other impact by changing the value of ioc_number between\ntwo kernel reads of that value, aka a 'double fetch' vulnerability.\n[bsc#1136922]\n\nCVE-2019-12380: An issue was in the EFI subsystem existed that\nmishandled memory allocation failures. Note, however, that all\nrelevant code runs only at boot-time, before any user processes are\nstarted. Therefore, there was no possibility for an unprivileged user\nto exploit this issue. [bnc#1136598]\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128432\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139865\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16871/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20836/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10126/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10638/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11478/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-11599/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12380/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12456/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12614/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12818/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12819/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191855-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f0271507\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2019-1855=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1855=1\n\nSUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch\nSUSE-SLE-Module-Live-Patching-15-2019-1855=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-1855=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2019-1855=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1855=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2019-1855=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.27.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:48", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.(CVE-2018-10879)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (CVE-2018-10883)\n\n - The Linux kernel was found vulnerable to an integer overflow in the drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() function. The vulnerability could result in local attackers being able to crash the kernel or potentially elevate privileges.(CVE-2018-13406)\n\n - It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A vulnerability was found in the Linux kernelaEURtms floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw may crash the system or allow an attacker to gather information causing subsequent successful attacks. (CVE-2019-14283)\n\n - A vulnerability was found in the Linux kernelaEURtms floppy disk driver implementation. A local attacker with access to the floppy disk device file (/dev/fd0 through to /dev/fdN) can create a situation that causes the kernel to divide by zero. This requires two consecutive ioctl calls to be issued. The first ioctl call sets the sector and rate values, and the second ioctl is the call to format the floppy disk to the appropriate values. This flaw can cause the system to divide by zero and panic the host. No media (floppy) is required to be inserted for this attack to work properly.(CVE-2019-14284)\n\n - In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)\n\n - In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. (CVE-2019-13631)\n\n - An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop-i1/4zname, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)\n\n - An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.(CVE-2019-12381)\n\n - An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.(CVE-2019-12378)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10323", "CVE-2018-10879", "CVE-2018-10883", "CVE-2018-13406", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-20856", "CVE-2019-12378", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-12614", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1919.NASL", "href": "https://www.tenable.com/plugins/nessus/128842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128842);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10323\",\n \"CVE-2018-10879\",\n \"CVE-2018-10883\",\n \"CVE-2018-13406\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-20856\",\n \"CVE-2019-12378\",\n \"CVE-2019-12381\",\n \"CVE-2019-12382\",\n \"CVE-2019-12614\",\n \"CVE-2019-13631\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The xfs_bmap_extents_to_btree function in\n fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through\n 4.16.3 allows local users to cause a denial of service\n (xfs_bmapi_write NULL pointer dereference) via a\n crafted xfs image.(CVE-2018-10323)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service\n or unspecified other impact may occur by renaming a\n file in a crafted ext4 filesystem\n image.(CVE-2018-10879)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound write in\n jbd2_journal_dirty_metadata(), a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image. (CVE-2018-10883)\n\n - The Linux kernel was found vulnerable to an integer\n overflow in the\n drivers/video/fbdev/uvesafb.c:uvesafb_setcmap()\n function. The vulnerability could result in local\n attackers being able to crash the kernel or potentially\n elevate privileges.(CVE-2018-13406)\n\n - It was found that paravirt_patch_call/jump() functions\n in the arch/x86/kernel/paravirt.c in the Linux kernel\n mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtualized guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS\n implementation. An attacker, who is able to mount an\n exported NFS filesystem, is able to trigger a null\n pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server\n will be lost. (CVE-2018-16871)\n\n - A vulnerability was found in the Linux kernelaEURtms\n floppy disk driver implementation. A local attacker\n with access to the floppy device could call\n set_geometry in drivers/block/floppy.c, which does not\n validate the sect and head fields, causing an integer\n overflow and out-of-bounds read. This flaw may crash\n the system or allow an attacker to gather information\n causing subsequent successful attacks. (CVE-2019-14283)\n\n - A vulnerability was found in the Linux kernelaEURtms\n floppy disk driver implementation. A local attacker\n with access to the floppy disk device file (/dev/fd0\n through to /dev/fdN) can create a situation that causes\n the kernel to divide by zero. This requires two\n consecutive ioctl calls to be issued. The first ioctl\n call sets the sector and rate values, and the second\n ioctl is the call to format the floppy disk to the\n appropriate values. This flaw can cause the system to\n divide by zero and panic the host. No media (floppy) is\n required to be inserted for this attack to work\n properly.(CVE-2019-14284)\n\n - In the Linux kernel through 5.2.1 on the powerpc\n platform, when hardware transactional memory is\n disabled, a local user can cause a denial of service\n (TM Bad Thing exception and system crash) via a\n sigreturn() system call that sends a crafted signal\n frame. This affects arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)\n\n - In parse_hid_report_descriptor in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 5.2.1, a malicious USB device can send an HID report\n that triggers an out-of-bounds write during generation\n of debugging messages. (CVE-2019-13631)\n\n - An issue was discovered in drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c in the Linux kernel\n through 5.1.5. There is an unchecked kstrdup of fwstr,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a\n vulnerability because kstrdup() returning NULL is\n handled sufficiently and there is no chance for a NULL\n pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in dlpar_parse_cc_property in\n arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. There is an unchecked kstrdup of\n prop-i1/4zname, which might allow an attacker to cause a\n denial of service (NULL pointer dereference and system\n crash). (CVE-2019-12614)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain\n error case is mishandled.(CVE-2018-20856)\n\n - An issue was discovered in ip_ra_control in\n net/ipv4/ip_sockglue.c in the Linux kernel through\n 5.1.5. There is an unchecked kmalloc of new_ra, which\n might allow an attacker to cause a denial of service\n (NULL pointer dereference and system crash). NOTE: this\n is disputed because new_ra is never used if it is\n NULL.(CVE-2019-12381)\n\n - An issue was discovered in ip6_ra_control in\n net/ipv6/ipv6_sockglue.c in the Linux kernel through\n 5.1.5. There is an unchecked kmalloc of new_ra, which\n might allow an attacker to cause a denial of service\n (NULL pointer dereference and system crash). NOTE: This\n has been disputed as not an issue.(CVE-2019-12378)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1919\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fdbaa67\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-13406\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.2.h239.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.2.h239.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.2.h239.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.2.h239.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.2.h239.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.2.h239.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.2.h239.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:43:12", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1769 advisory.\n\n - A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.\n (CVE-2019-8980)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub- buffer). (CVE-2019-19768)\n\n - Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. (CVE-2019-19057)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. (CVE-2019-15090)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. (CVE-2019-15099)\n\n - An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. (CVE-2019-18805)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) (CVE-2019-19922)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2020-1769)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-10639", "CVE-2019-15090", "CVE-2019-15099", "CVE-2019-15221", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18805", "CVE-2019-19057", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19534", "CVE-2019-19768", "CVE-2019-19922", "CVE-2019-8980", "CVE-2020-1749"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2020-1769.NASL", "href": "https://www.tenable.com/plugins/nessus/181001", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-1769.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(181001);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-8980\",\n \"CVE-2019-10639\",\n \"CVE-2019-15090\",\n \"CVE-2019-15099\",\n \"CVE-2019-15221\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18805\",\n \"CVE-2019-19057\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19534\",\n \"CVE-2019-19768\",\n \"CVE-2019-19922\",\n \"CVE-2020-1749\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2020-1769)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-1769 advisory.\n\n - A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows\n attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.\n (CVE-2019-8980)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to\n 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a\n malicious USB device in the sound/usb/line6/pcm.c driver. (CVE-2019-15221)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,\n aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel\n address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel\n image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and\n ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This\n key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the\n attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled\n IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic\n is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the\n attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP\n addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to\n have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in\n kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-\n buffer). (CVE-2019-19768)\n\n - Two memory leaks in the mwifiex_pcie_init_evt_ring() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a\n denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e. (CVE-2019-19057)\n\n - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the\n qedi_dbg_* family of functions, there is an out-of-bounds read. (CVE-2019-15090)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN\n and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't\n correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would\n allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this\n vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via\n an incomplete address in an endpoint descriptor. (CVE-2019-15099)\n\n - An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a\n net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large\n integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified\n other impact, aka CID-19fad20d15a6. (CVE-2019-18805)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with\n Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by\n generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words,\n although this slice expiration would typically be seen with benign workloads, it is possible that an\n attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a\n low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray\n requests. An attack does not affect the stability of the kernel; it only causes mismanagement of\n application execution.) (CVE-2019-19922)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-1769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-193.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-1769');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-abi-whitelists-4.18.0-193.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-4.18.0'},\n {'reference':'bpftool-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-tools-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-core-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:03:59", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.(CVE-2018-7191)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\n - An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.(CVE-2019-18805)\n\n - In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.(CVE-2019-16994)\n\n - An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.(CVE-2019-15921)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)\n\n - An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9.\n XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.(CVE-2019-15538)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.(CVE-2019-12381)\n\n - ** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: This has been disputed as not an issue.(CVE-2019-12378)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-16884)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.(CVE-2018-16871)\n\n - An issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. At this time we understand no trust barrier has been crossed and there is no security implications in this flaw.(CVE-2017-5897)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-20T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4343", "CVE-2017-5897", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-20856", "CVE-2018-20976", "CVE-2018-7191", "CVE-2019-12378", "CVE-2019-12381", "CVE-2019-14821", "CVE-2019-15538", "CVE-2019-15807", "CVE-2019-15921", "CVE-2019-16994", "CVE-2019-18805", "CVE-2019-19062", "CVE-2019-3882"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2020-1269.NASL", "href": "https://www.tenable.com/plugins/nessus/134735", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134735);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5897\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-20856\",\n \"CVE-2018-20976\",\n \"CVE-2018-7191\",\n \"CVE-2019-12378\",\n \"CVE-2019-12381\",\n \"CVE-2019-14821\",\n \"CVE-2019-15538\",\n \"CVE-2019-15807\",\n \"CVE-2019-15921\",\n \"CVE-2019-16994\",\n \"CVE-2019-18805\",\n \"CVE-2019-19062\",\n \"CVE-2019-3882\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1269)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In the tun subsystem in the Linux kernel before\n 4.13.14, dev_get_valid_name is not called before\n register_netdevice. This allows local users to cause a\n denial of service (NULL pointer dereference and panic)\n via an ioctl(TUNSETIFF) call with a dev name containing\n a / character. This is similar to\n CVE-2013-4343.(CVE-2018-7191)\n\n - A memory leak in the crypto_report() function in\n crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption) by triggering crypto_report_alg()\n failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\n - An issue was discovered in net/ipv4/sysctl_net_ipv4.c\n in the Linux kernel before 5.0.11. There is a\n net/ipv4/tcp_input.c signed integer overflow in\n tcp_ack_update_rtt() when userspace writes a very large\n integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading\n to a denial of service or possibly unspecified other\n impact, aka CID-19fad20d15a6.(CVE-2019-18805)\n\n - In the Linux kernel before 5.0, a memory leak exists in\n sit_init_net() in net/ipv6/sit.c when register_netdev()\n fails to register sitn->fb_tunnel_dev, which may cause\n denial of service, aka\n CID-07f12b26e21a.(CVE-2019-16994)\n\n - An issue was discovered in the Linux kernel before\n 5.0.6. There is a memory leak issue when idr_alloc()\n fails in genl_register_family() in\n net/netlink/genetlink.c.(CVE-2019-15921)\n\n - In the Linux kernel before 5.1.13, there is a memory\n leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and\n denial of service.(CVE-2019-15807)\n\n - An issue was discovered in xfs_setattr_nonsize in\n fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9.\n XFS partially wedges when a chgrp fails on account of\n being out of disk quota. xfs_setattr_nonsize is failing\n to unlock the ILOCK after the xfs_qm_vop_chown_reserve\n call fails. This is primarily a local DoS attack\n vector, but it might result as well in remote DoS if\n the XFS filesystem is exported for instance via\n NFS.(CVE-2019-15538)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system.(CVE-2019-14821)\n\n - ** DISPUTED ** An issue was discovered in ip_ra_control\n in net/ipv4/ip_sockglue.c in the Linux kernel through\n 5.1.5. There is an unchecked kmalloc of new_ra, which\n might allow an attacker to cause a denial of service\n (NULL pointer dereference and system crash). NOTE: this\n is disputed because new_ra is never used if it is\n NULL.(CVE-2019-12381)\n\n - ** DISPUTED ** An issue was discovered in\n ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux\n kernel through 5.1.5. There is an unchecked kmalloc of\n new_ra, which might allow an attacker to cause a denial\n of service (NULL pointer dereference and system crash).\n NOTE: This has been disputed as not an\n issue.(CVE-2019-12378)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the\n Linux kernel before 4.18. A use after free exists,\n related to xfs_fs_fill_super failure.(CVE-2018-20976)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain\n error case is mishandled.(CVE-2018-20856)\n\n - A flaw was found in the Linux kernel's NFS41+\n subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process()\n use wrong back-channel IDs and cause a use-after-free\n vulnerability. Thus a malicious container user can\n cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out.(CVE-2018-16884)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x\n up to 4.20. An attacker, who is able to mount an\n exported NFS filesystem, is able to trigger a null\n pointer dereference by using an invalid NFS sequence.\n This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server\n will be lost.(CVE-2018-16871)\n\n - An issue was found in the Linux kernel ipv6\n implementation of GRE tunnels which allows a remote\n attacker to trigger an out-of-bounds access. At this\n time we understand no trust barrier has been crossed\n and there is no security implications in this\n flaw.(CVE-2017-5897)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it\n may cause a system memory exhaustion and thus a denial\n of service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable.(CVE-2019-3882)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1269\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed95715f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18805\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_72\",\n \"kernel-devel-3.10.0-862.14.1.6_72\",\n \"kernel-headers-3.10.0-862.14.1.6_72\",\n \"kernel-tools-3.10.0-862.14.1.6_72\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_72\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_72\",\n \"perf-3.10.0-862.14.1.6_72\",\n \"python-perf-3.10.0-862.14.1.6_72\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:27", "description": "The remote NewStart CGSL host, running version MAIN 6.01, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. (CVE-2019-18282)\n\n - An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. (CVE-2019-18805)\n\n - A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7. (CVE-2019-19045)\n\n - ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. (CVE-2019-19055)\n\n - A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14. (CVE-2019-19077)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid- microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub- buffer). (CVE-2019-19768)\n\n - A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.\n (CVE-2019-8980)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.\n (CVE-2020-10711)\n\n - In the Linux kernel through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. (CVE-2020-11884)\n\n - An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. (CVE-2020-12657)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. (CVE-2020-2732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.01 : kernel Multiple Vulnerabilities (NS-SA-2020-0030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18282", "CVE-2019-18805", "CVE-2019-19045", "CVE-2019-19055", "CVE-2019-19077", "CVE-2019-19532", "CVE-2019-19534", "CVE-2019-19768", "CVE-2019-8980", "CVE-2020-10711", "CVE-2020-11884", "CVE-2020-12657", "CVE-2020-1749", "CVE-2020-2732"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0030_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/138766", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0030. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138766);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-8980\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18282\",\n \"CVE-2019-18805\",\n \"CVE-2019-19045\",\n \"CVE-2019-19055\",\n \"CVE-2019-19077\",\n \"CVE-2019-19532\",\n \"CVE-2019-19534\",\n \"CVE-2019-19768\",\n \"CVE-2020-1749\",\n \"CVE-2020-2732\",\n \"CVE-2020-10711\",\n \"CVE-2020-11884\",\n \"CVE-2020-12657\"\n );\n script_bugtraq_id(107120, 108547);\n\n script_name(english:\"NewStart CGSL MAIN 6.01 : kernel Multiple Vulnerabilities (NS-SA-2020-0030)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.01, has kernel packages installed that are affected by multiple\nvulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - ieee802154_create in net/ieee802154/socket.c in the\n AF_IEEE802154 network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that\n unprivileged users can create a raw socket, aka\n CID-e69dbd4619e7. (CVE-2019-17053)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the\n AF_ISDN network module in the Linux kernel through 5.3.2\n does not enforce CAP_NET_RAW, which means that\n unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21. (CVE-2019-17055)\n\n - The flow_dissector feature in the Linux kernel 4.3\n through 5.x before 5.3.10 has a device tracking\n vulnerability, aka CID-55667441c84f. This occurs because\n the auto flowlabel of a UDP IPv6 packet relies on a\n 32-bit hashrnd value as a secret, and because jhash\n (instead of siphash) is used. The hashrnd value remains\n the same starting from boot time, and can be inferred by\n an attacker. This affects net/core/flow_dissector.c and\n related code. (CVE-2019-18282)\n\n - An issue was discovered in net/ipv4/sysctl_net_ipv4.c in\n the Linux kernel before 5.0.11. There is a\n net/ipv4/tcp_input.c signed integer overflow in\n tcp_ack_update_rtt() when userspace writes a very large\n integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading\n to a denial of service or possibly unspecified other\n impact, aka CID-19fad20d15a6. (CVE-2019-18805)\n\n - A memory leak in the mlx5_fpga_conn_create_cq() function\n in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c\n in the Linux kernel before 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering mlx5_vector2eqn() failures, aka\n CID-c8c2a057fdc7. (CVE-2019-19045)\n\n - ** DISPUTED ** A memory leak in the\n nl80211_get_ftm_responder_stats() function in\n net/wireless/nl80211.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption) by triggering nl80211hdr_put()\n failures, aka CID-1399c59fa929. NOTE: third parties\n dispute the relevance of this because it occurs on a\n code path where a successful allocation has already\n occurred. (CVE-2019-19055)\n\n - A memory leak in the bnxt_re_create_srq() function in\n drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial\n of service (memory consumption) by triggering copy to\n udata failures, aka CID-4a9d46a9fe14. (CVE-2019-19077)\n\n - In the Linux kernel before 5.3.9, there are multiple\n out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers,\n aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,\n drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,\n drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-\n microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In the Linux kernel before 5.3.11, there is an info-leak\n bug that can be caused by a malicious USB device in the\n drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka\n CID-f7a1337f0d29. (CVE-2019-19534)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free\n (read) in the __blk_add_trace function in\n kernel/trace/blktrace.c (which is used to fill out a\n blk_io_trace structure and place it in a per-cpu sub-\n buffer). (CVE-2019-19768)\n\n - A memory leak in the kernel_read_file function in\n fs/exec.c in the Linux kernel through 4.20.11 allows\n attackers to cause a denial of service (memory\n consumption) by triggering vfs_read failures.\n (CVE-2019-8980)\n\n - A NULL pointer dereference flaw was found in the Linux\n kernel's SELinux subsystem in versions before 5.7. This\n flaw occurs while importing the Commercial IP Security\n Option (CIPSO) protocol's category bitmap into the\n SELinux extensible bitmap via the'\n ebitmap_netlbl_import' routine. While processing the\n CIPSO restricted bitmap tag in the\n 'cipso_v4_parsetag_rbm' routine, it sets the security\n attribute to indicate that the category bitmap is\n present, even if it has not been allocated. This issue\n leads to a NULL pointer dereference issue while\n importing the same category bitmap into SELinux. This\n flaw allows a remote network user to crash the system\n kernel, resulting in a denial of service.\n (CVE-2020-10711)\n\n - In the Linux kernel through 5.6.7 on the s390 platform,\n code execution may occur because of a race condition, as\n demonstrated by code in enable_sacf_uaccess in\n arch/s390/lib/uaccess.c that fails to protect against a\n concurrent page table upgrade, aka CID-3f777e19d171. A\n crash could also occur. (CVE-2020-11884)\n\n - An issue was discovered in the Linux kernel before\n 5.6.5. There is a use-after-free in block/bfq-iosched.c\n related to bfq_idle_slice_timer_body. (CVE-2020-12657)\n\n - A flaw was discovered in the way that the KVM hypervisor\n handled instruction emulation for an L2 guest when\n nested virtualisation is enabled. Under some\n circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be\n inaccessible to the L2 guest. (CVE-2020-2732)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0030\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 6.01\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.01');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 6.01\": [\n \"bpftool-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"bpftool-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-abi-whitelists-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-core-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-cross-headers-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debug-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debug-core-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debug-devel-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debug-modules-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debug-modules-internal-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-debuginfo-common-x86_64-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-devel-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-headers-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-ipaclones-internal-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-modules-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-modules-extra-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-modules-internal-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-selftests-internal-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-sign-keys-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-tools-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-tools-libs-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"kernel-tools-libs-devel-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"perf-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"perf-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"python3-perf-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\",\n \"python3-perf-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:01", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-11085", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/129900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0180. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129900);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\"\n );\n script_bugtraq_id(105761, 106503, 108113);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0180\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.442.g2d10a8b.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.19.439.g1a42508\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:03", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-11085", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/129920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0183. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129920);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\"\n );\n script_bugtraq_id(105761, 106503, 108113);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0183\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9517\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-9363\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.17.285.g1303b03\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:29:23", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.(CVE-2018-16871)An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.(CVE-2018-20855)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass.\n Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace.(CVE-2019-10639)** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.(CVE-2019-12378)**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because ?All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.?.(CVE-2019-12380)** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.(CVE-2019-12381)** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.(CVE-2019-12456)An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in netfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in netfc/llcp_core.c.(CVE-2019-12818)An issue was discovered in the Linux kernel before 5.0. The function\n __mdiobus_register() in driverset/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service.(CVE-2019-12819)A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in netfcetlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.(CVE-2019-12984)In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE:\n SELinux deny_ptrace might be a usable workaround in some environments.(CVE-2019-13272)In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.(CVE-2019-13631)In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14283)In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14284)In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.(CVE-2019-14763)An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.(CVE-2019-15211)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system.(CVE-2019-16994)Note:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions in EulerOS Virtualization for ARM 64 3.0.2.0 return incorrect time information when executing the uname -a command.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-17T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-20855", "CVE-2018-20856", "CVE-2019-10639", "CVE-2019-12378", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15211", "CVE-2019-15292", "CVE-2019-16994"], "modified": "2023-01-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1926.NASL", "href": "https://www.tenable.com/plugins/nessus/128929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128929);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/20\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-20855\",\n \"CVE-2018-20856\",\n \"CVE-2019-10639\",\n \"CVE-2019-12378\",\n \"CVE-2019-12380\",\n \"CVE-2019-12381\",\n \"CVE-2019-12456\",\n \"CVE-2019-12818\",\n \"CVE-2019-12819\",\n \"CVE-2019-12984\",\n \"CVE-2019-13272\",\n \"CVE-2019-13631\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-14763\",\n \"CVE-2019-15211\",\n \"CVE-2019-15292\",\n \"CVE-2019-16994\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc. Security Fix(es):A flaw was found in the\n Linux kernel's NFS implementation, all versions 3.x and\n all versions 4.x up to 4.20. An attacker, who is able\n to mount an exported NFS filesystem, is able to trigger\n a null pointer dereference by using an invalid NFS\n sequence. This can panic the machine and deny access to\n the NFS server. Any outstanding disk writes to the NFS\n server will be lost.(CVE-2018-16871)An issue was\n discovered in the Linux kernel before 4.18.7. In\n create_qp_common in drivers/infiniband/hw/mlx5/qp.c,\n mlx5_ib_create_qp_resp was never initialized, resulting\n in a leak of stack memory to\n userspace.(CVE-2018-20855)An issue was discovered in\n the Linux kernel before 4.18.7. In block/blk-core.c,\n there is an __blk_drain_queue() use-after-free because\n a certain error case is mishandled.(CVE-2018-20856)The\n Linux kernel 4.x (starting from 4.1) and 5.x before\n 5.0.8 allows Information Exposure (partial kernel\n address disclosure), leading to a KASLR bypass.\n Specifically, it is possible to extract the KASLR\n kernel image offset using the IP ID values the kernel\n produces for connection-less protocols (e.g., UDP and\n ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and\n thereby obtain the hashing key (via enumeration). This\n key contains enough bits from a kernel address (of a\n static variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is\n exposed. This attack can be carried out remotely, by\n the attacker forcing the target device to send UDP or\n ICMP (or certain other) traffic to attacker-controlled\n IP addresses. Forcing a server to send UDP traffic is\n trivial if the server is a DNS server. ICMP traffic is\n trivial if the server answers ICMP Echo requests\n (ping). For client targets, if the target visits the\n attacker's web page, then WebRTC or gQUIC can be used\n to force UDP traffic to attacker-controlled IP\n addresses. NOTE: this attack against KASLR became\n viable in 4.1 because IP ID generation was changed to\n have a dependency on an address associated with a\n network namespace.(CVE-2019-10639)** DISPUTED ** An\n issue was discovered in ip6_ra_control in\n net/ipv6/ipv6_sockglue.c in the Linux kernel through\n 5.1.5. There is an unchecked kmalloc of new_ra, which\n might allow an attacker to cause a denial of service\n (NULL pointer dereference and system crash). NOTE: This\n has been disputed as not an\n issue.(CVE-2019-12378)**DISPUTED** An issue was\n discovered in the efi subsystem in the Linux kernel\n through 5.1.5. phys_efi_set_virtual_address_map in\n arch/x86/platform/efi/efi.c and efi_call_phys_prolog in\n arch/x86/platform/efi/efi_64.c mishandle memory\n allocation failures. NOTE: This id is disputed as not\n being an issue because ?All the code touched by the\n referenced commit runs only at boot, before any user\n processes are started. Therefore, there is no\n possibility for an unprivileged user to control\n it.?.(CVE-2019-12380)** DISPUTED ** An issue was\n discovered in ip_ra_control in net/ipv4/ip_sockglue.c\n in the Linux kernel through 5.1.5. There is an\n unchecked kmalloc of new_ra, which might allow an\n attacker to cause a denial of service (NULL pointer\n dereference and system crash). NOTE: this is disputed\n because new_ra is never used if it is\n NULL.(CVE-2019-12381)** DISPUTED ** An issue was\n discovered in the MPT3COMMAND case in _ctl_ioctl_main\n in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux\n kernel through 5.1.5. It allows local users to cause a\n denial of service or possibly have unspecified other\n impact by changing the value of ioc_number between two\n kernel reads of that value, aka a 'double fetch'\n vulnerability. NOTE: a third party reports that this is\n unexploitable because the doubly fetched value is not\n used.(CVE-2019-12456)An issue was discovered in the\n Linux kernel before 4.20.15. The nfc_llcp_build_tlv\n function in netfc/llcp_commands.c may return NULL. If\n the caller does not check for this, it will trigger a\n NULL pointer dereference. This will cause denial of\n service. This affects nfc_llcp_build_gb in\n netfc/llcp_core.c.(CVE-2019-12818)An issue was\n discovered in the Linux kernel before 5.0. The function\n __mdiobus_register() in driverset/phy/mdio_bus.c calls\n put_device(), which will trigger a fixed_mdio_bus_init\n use-after-free. This will cause a denial of\n service.(CVE-2019-12819)A NULL pointer dereference\n vulnerability in the function\n nfc_genl_deactivate_target() in netfcetlink.c in the\n Linux kernel before 5.1.13 can be triggered by a\n malicious user-mode program that omits certain NFC\n attributes, leading to denial of\n service.(CVE-2019-12984)In the Linux kernel before\n 5.1.17, ptrace_link in kernel/ptrace.c mishandles the\n recording of the credentials of a process that wants to\n create a ptrace relationship, which allows local users\n to obtain root access by leveraging certain scenarios\n with a parent-child process relationship, where a\n parent drops privileges and calls execve (potentially\n allowing control by an attacker). One contributing\n factor is an object lifetime issue (which can also\n cause a panic). Another contributing factor is\n incorrect marking of a ptrace relationship as\n privileged, which is exploitable through (for example)\n Polkit's pkexec helper with PTRACE_TRACEME. NOTE:\n SELinux deny_ptrace might be a usable workaround in\n some environments.(CVE-2019-13272)In\n parse_hid_report_descriptor in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 5.2.1, a malicious USB device can send an HID report\n that triggers an out-of-bounds write during generation\n of debugging messages.(CVE-2019-13631)In the Linux\n kernel through 5.2.1 on the powerpc platform, when\n hardware transactional memory is disabled, a local user\n can cause a denial of service (TM Bad Thing exception\n and system crash) via a sigreturn() system call that\n sends a crafted signal frame. This affects\n arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)In the\n Linux kernel before 5.2.3, set_geometry in\n drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and\n out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been\n inserted. NOTE: QEMU creates the floppy device by\n default.(CVE-2019-14283)In the Linux kernel before\n 5.2.3, drivers/block/floppy.c allows a denial of\n service by setup_format_params division-by-zero. Two\n consecutive ioctls can trigger the bug: the first one\n should set the drive geometry with .sect and .rate\n values that make F_SECT_PER_TRACK be zero. Next, the\n floppy format operation should be called. It can be\n triggered by an unprivileged local user even when a\n floppy disk has not been inserted. NOTE: QEMU creates\n the floppy device by default.(CVE-2019-14284)In the\n Linux kernel before 4.16.4, a double-locking error in\n drivers/usb/dwc3/gadget.c may potentially cause a\n deadlock with f_hid.(CVE-2019-14763)An issue was\n discovered in the Linux kernel before 5.2.6. There is a\n use-after-free caused by a malicious USB device in the\n drivers/media/v4l2-core/v4l2-dev.c driver because\n drivers/media/radio/radio-raremono.c does not properly\n allocate memory.(CVE-2019-15211)An issue was discovered\n in the Linux kernel before 5.0.9. There is a\n use-after-free in atalk_proc_exit, related to\n net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and\n net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)A flaw\n was found in the way the sit_init_net function in the\n Linux kernel handled resource cleanup on errors. This\n flaw allows an attacker to use the error conditions to\n crash the system.(CVE-2019-16994)Note:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions\n in EulerOS Virtualization for ARM 64 3.0.2.0 return\n incorrect time information when executing the uname -a\n command.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1926\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f4a8b79\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15292\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h420\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h420\",\n \"perf-4.19.36-vhulk1907.1.0.h420\",\n \"python-perf-4.19.36-vhulk1907.1.0.h420\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:02:33", "description": "The version of AOS installed on the remote host is prior to 5.10.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.10.10 advisory.\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. (CVE-2018-16881)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after- free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a sudo -u \\#$((0xffffffff)) command. (CVE-2019-14287)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2945)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2949)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2962)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2019-2964)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2973, CVE-2019-2981)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2975)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2978)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2983)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2987)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2988, CVE-2019-2992)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2989)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2999)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.10.10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16881", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811", "CVE-2019-14287", "CVE-2019-2945", "CVE-2019-2949", "CVE-2019-2962", "CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2975", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2992", "CVE-2019-2999"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_10_10.NASL", "href": "https://www.tenable.com/plugins/nessus/164585", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164585);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16881\",\n \"CVE-2018-16884\",\n \"CVE-2019-2945\",\n \"CVE-2019-2949\",\n \"CVE-2019-2962\",\n \"CVE-2019-2964\",\n \"CVE-2019-2973\",\n \"CVE-2019-2975\",\n \"CVE-2019-2978\",\n \"CVE-2019-2981\",\n \"CVE-2019-2983\",\n \"CVE-2019-2987\",\n \"CVE-2019-2988\",\n \"CVE-2019-2989\",\n \"CVE-2019-2992\",\n \"CVE-2019-2999\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\",\n \"CVE-2019-14287\"\n );\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.10.10)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.10.10. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.10.10 advisory.\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to\n 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a\n specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0\n are vulnerable. (CVE-2018-16881)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-\n free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0\n may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy\n blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user\n ID. For example, this allows bypass of !root configuration, and USER= logging, for a sudo -u\n \\#$((0xffffffff)) command. (CVE-2019-14287)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to\n Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2019-2945)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java\n SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in unauthorized access to\n critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2949)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2962)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component\n without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web\n service. (CVE-2019-2964)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2973, CVE-2019-2981)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported\n versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2975)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2978)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2983)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are\n affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2987)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to\n Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2019-2988, CVE-2019-2992)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability\n can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java\n SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service\n which supplies data to the APIs. (CVE-2019-2989)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are\n affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful\n attacks require human interaction from a person other than the attacker and while the vulnerability is in\n Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as\n unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java\n deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets\n (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the\n Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers,\n that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2999)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.10.10\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?020232b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14287\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.10.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.10.10 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.10.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.10.10 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:01:35", "description": "The version of AOS installed on the remote host is prior to 5.11.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.2.1 advisory.\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. (CVE-2018-16881)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after- free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a sudo -u \\#$((0xffffffff)) command. (CVE-2019-14287)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2945)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2949)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2962)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2019-2964)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2973, CVE-2019-2981)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2975)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2978)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2983)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2987)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2988, CVE-2019-2992)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2989)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2999)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.2.1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2018-16881", "CVE-2018-16884", "CVE-2019-11085", "CVE-2019-11811", "CVE-2019-14287", "CVE-2019-2945", "CVE-2019-2949", "CVE-2019-2962", "CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2975", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2992", "CVE-2019-2999"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_11_2_1.NASL", "href": "https://www.tenable.com/plugins/nessus/164598", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164598);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2018-16881\",\n \"CVE-2018-16884\",\n \"CVE-2019-2945\",\n \"CVE-2019-2949\",\n \"CVE-2019-2962\",\n \"CVE-2019-2964\",\n \"CVE-2019-2973\",\n \"CVE-2019-2975\",\n \"CVE-2019-2978\",\n \"CVE-2019-2981\",\n \"CVE-2019-2983\",\n \"CVE-2019-2987\",\n \"CVE-2019-2988\",\n \"CVE-2019-2989\",\n \"CVE-2019-2992\",\n \"CVE-2019-2999\",\n \"CVE-2019-11085\",\n \"CVE-2019-11811\",\n \"CVE-2019-14287\"\n );\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.2.1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.11.2.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.11.2.1 advisory.\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to\n 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS\n server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)\n\n - A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a\n specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0\n are vulnerable. (CVE-2018-16881)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-\n free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0\n may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy\n blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user\n ID. For example, this allows bypass of !root configuration, and USER= logging, for a sudo -u\n \\#$((0xffffffff)) command. (CVE-2019-14287)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to\n Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2019-2945)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java\n SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in unauthorized access to\n critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2949)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2962)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component\n without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web\n service. (CVE-2019-2964)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2973, CVE-2019-2981)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported\n versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2975)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2978)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code\n that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2983)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are\n affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker\n with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note:\n This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be\n exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the\n APIs. (CVE-2019-2987)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported\n versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to\n Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2019-2988, CVE-2019-2992)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking).\n Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE\n Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability\n can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java\n SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run\n untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This\n vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service\n which supplies data to the APIs. (CVE-2019-2989)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are\n affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful\n attacks require human interaction from a person other than the attacker and while the vulnerability is in\n Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as\n unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java\n deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets\n (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the\n Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers,\n that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2999)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.11.2.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2a123d2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14287\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.11.2.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.11.2.1 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.11.2.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.11.2.1 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:33", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute- force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-9506"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/132495", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0253. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132495);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-1125\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\"\n );\n script_bugtraq_id(\n 105120,\n 105761,\n 106253,\n 106478,\n 106565,\n 107782,\n 107910,\n 108076,\n 108113,\n 108286,\n 108372,\n 108410,\n 108488,\n 108521,\n 108547,\n 108817\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain\n error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing\n the key length negotiation. This allows practical brute-\n force attacks (aka KNOB) that can decrypt traffic and\n inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0253\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"kernel-rt-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\"\n ],\n \"CGSL MAIN 5.05\": [\n \"kernel-rt-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-doc-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-devel-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-957.27.2.rt56.940.el7.cgslv5_5.8.94.gf0e9f1b\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:48", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back- channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel- memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute- force attacks (aka KNOB) that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-14625", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-16871", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-20856", "CVE-2018-9363", "CVE-2018-9517", "CVE-2019-10126", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11811", "CVE-2019-11833", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-9506"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/132474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0247. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132474);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9363\",\n \"CVE-2018-9517\",\n \"CVE-2018-10853\",\n \"CVE-2018-14625\",\n \"CVE-2018-14734\",\n \"CVE-2018-15594\",\n \"CVE-2018-16871\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-20856\",\n \"CVE-2019-1125\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-5489\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-11085\",\n \"CVE-2019-11599\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\",\n \"CVE-2019-11833\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\"\n );\n script_bugtraq_id(\n 105120,\n 105761,\n 106253,\n 106478,\n 106565,\n 107782,\n 107910,\n 108076,\n 108113,\n 108286,\n 108372,\n 108410,\n 108488,\n 108521,\n 108547,\n 108817\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem.\n NFS41+ shares mounted in different network namespaces at\n the same time can make bc_svc_process() use wrong back-\n channel IDs and cause a use-after-free vulnerability.\n Thus a malicious container user can cause a host kernel\n memory corruption and a system panic. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out. (CVE-2018-16884)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-11085)\n\n - A flaw was found in the Linux kernel's NFS\n implementation, all versions 3.x and all versions 4.x up\n to 4.20. An attacker, who is able to mount an exported\n NFS filesystem, is able to trigger a null pointer\n dereference by using an invalid NFS sequence. This can\n panic the machine and deny access to the NFS server. Any\n outstanding disk writes to the NFS server will be lost.\n (CVE-2018-16871)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is\n removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and\n drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - A flaw was found in the way Linux kernel KVM hypervisor\n before 4.18 emulated instructions such as\n sgdt/sidt/fxsave/fxrstor. It did not check current\n privilege(CPL) level while emulating unprivileged\n instructions. An unprivileged guest user/process could\n use this flaw to potentially escalate privileges inside\n guest. (CVE-2018-10853)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to kernel-\n memory from within a vm guest. A race condition between\n connect() and close() function may allow an attacker\n using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other clients.\n (CVE-2018-14625)\n\n - drivers/infiniband/core/ucma.c in the Linux kernel\n through 4.17.11 allows ucma_leave_multicast to access a\n certain data structure after a cleanup step in\n ucma_process_join, which allows attackers to cause a\n denial of service (use-after-free). (CVE-2018-14734)\n\n - arch/x86/kernel/paravirt.c in the Linux kernel before\n 4.18.1 mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtual guests. (CVE-2018-15594)\n\n - Since Linux kernel version 3.2, the mremap() syscall\n performs TLB flushes after dropping pagetable locks. If\n a syscall such as ftruncate() removes entries from the\n pagetables of a task that is in the middle of mremap(),\n a stale TLB entry can remain for a short time that\n permits access to a physical page after it has been\n released back to the page allocator and reused. This is\n fixed in the following kernel versions: 4.9.135,\n 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain\n error case is mishandled. (CVE-2018-20856)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel. (CVE-2018-9363)\n\n - In pppol2tp_connect, there is possible memory corruption\n due to a use after free. This could lead to local\n escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation.\n Product: Android. Versions: Android kernel. Android ID:\n A-38159931. (CVE-2018-9517)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other consequences.\n (CVE-2019-10126)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly have\n unspecified other impact by triggering a race condition\n with mmget_not_zero or get_task_mm calls. This is\n related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)\n\n - An issue was discovered in the Linux kernel before\n 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in\n megasas_alloc_cmds() in\n drivers/scsi/megaraid/megaraid_sas_base.c. This causes a\n Denial of Service, related to a use-after-free.\n (CVE-2019-11810)\n\n - fs/ext4/extents.c in the Linux kernel through 5.1.2 does\n not zero out the unused memory region in the extent tree\n block, which might allow local users to obtain sensitive\n information by reading uninitialized data in the\n filesystem. (CVE-2019-11833)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\n - A heap address information leak while using\n L2CAP_GET_CONF_OPT was discovered in the Linux kernel\n before 5.1-rc1. (CVE-2019-3459)\n\n - A heap data infoleak in multiple locations including\n L2CAP_PARSE_CONF_RSP was found in the Linux kernel\n before 5.1-rc1. (CVE-2019-3460)\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network. (CVE-2019-3846)\n\n - A flaw was found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it may\n cause a system memory exhaustion and thus a denial of\n service (DoS). Versions 3.10, 4.14 and 4.18 are\n vulnerable. (CVE-2019-3882)\n\n - An infinite loop issue was found in the vhost_net kernel\n module in Linux Kernel up to and including v5.1-rc6,\n while handling incoming packets in handle_rx(). It could\n occur if one end sends packets faster than the other end\n can process them. A guest user, maybe remote one, could\n use this flaw to stall the vhost_net kernel thread,\n resulting in a DoS scenario. (CVE-2019-3900)\n\n - The mincore() implementation in mm/mincore.c in the\n Linux kernel through 4.19.13 allowed local attackers to\n observe page cache access patterns of other processes on\n the same system, potentially allowing sniffing of secret\n information. (Fixing this affects the output of the\n fincore program.) Limited remote exploitation may be\n possible, as demonstrated by latency differences in\n accessing public files from an Apache HTTP Server.\n (CVE-2019-5489)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from influencing\n the key length negotiation. This allows practical brute-\n force attacks (aka KNOB) that can decrypt traffic and\n inject arbitrary ciphertext without the victim noticing.\n (CVE-2019-9506)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0247\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3846\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"bpftool-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-core-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"perf-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"python-perf-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\",\n \"python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.144.ge0a5bc9.lite\"\n ],\n \"CGSL MAIN 5.05\": [\n \"bpftool-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"perf-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"python-perf-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\",\n \"python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.12.141.g47e8cad\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:34", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1769 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c (CVE-2019-12819)\n\n - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)\n\n - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)\n\n - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)\n\n - kernel: Null pointer dereference in the sound/usb/line6/driver.c (CVE-2019-15223)\n\n - kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c (CVE-2019-16234)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c (CVE-2019-19045)\n\n - kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c (CVE-2019-19047)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS (CVE-2019-19055)\n\n - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS (CVE-2019-19065)\n\n - kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow for a DoS (CVE-2019-19067)\n\n - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)\n\n - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)\n\n - kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c (CVE-2019-19077)\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)\n\n - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2020:1769)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-10639", "CVE-2019-12819", "CVE-2019-15090", "CVE-2019-15099", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-16234", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18282", "CVE-2019-18805", "CVE-2019-19045", "CVE-2019-19047", "CVE-2019-19055", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19077", "CVE-2019-19532", "CVE-2019-19534", "CVE-2019-19768", "CVE-2019-19922", "CVE-2019-8980", "CVE-2020-10690", "CVE-2020-1749", "CVE-2020-7053"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2020-1769.NASL", "href": "https://www.tenable.com/plugins/nessus/145850", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:1769. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145850);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-8980\",\n \"CVE-2019-10639\",\n \"CVE-2019-12819\",\n \"CVE-2019-15090\",\n \"CVE-2019-15099\",\n \"CVE-2019-15221\",\n \"CVE-2019-15223\",\n \"CVE-2019-16234\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18282\",\n \"CVE-2019-18805\",\n \"CVE-2019-19045\",\n \"CVE-2019-19047\",\n \"CVE-2019-19055\",\n \"CVE-2019-19057\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19065\",\n \"CVE-2019-19067\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19077\",\n \"CVE-2019-19532\",\n \"CVE-2019-19534\",\n \"CVE-2019-19768\",\n \"CVE-2019-19922\",\n \"CVE-2020-1749\",\n \"CVE-2020-7053\",\n \"CVE-2020-10690\"\n );\n script_bugtraq_id(107120, 108547, 108768);\n script_xref(name:\"RHSA\", value:\"2020:1769\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2020:1769)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:1769 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c (CVE-2019-12819)\n\n - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure\n (CVE-2019-15090)\n\n - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash\n (CVE-2019-15099)\n\n - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)\n\n - kernel: Null pointer dereference in the sound/usb/line6/driver.c (CVE-2019-15223)\n\n - kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c (CVE-2019-16234)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c\n (CVE-2019-19045)\n\n - kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c\n (CVE-2019-19047)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS\n (CVE-2019-19055)\n\n - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c\n allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS\n (CVE-2019-19065)\n\n - kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow\n for a DoS (CVE-2019-19067)\n\n - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)\n (CVE-2019-19073)\n\n - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)\n\n - kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c\n (CVE-2019-19077)\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: information leak bug caused by a malicious USB device in the\n drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound\n applications (CVE-2019-19922)\n\n - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service\n (CVE-2019-8980)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open\n (CVE-2020-10690)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1769\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2018-16871', 'CVE-2019-8980', 'CVE-2019-10639', 'CVE-2019-12819', 'CVE-2019-15090', 'CVE-2019-15099', 'CVE-2019-15221', 'CVE-2019-15223', 'CVE-2019-16234', 'CVE-2019-17053', 'CVE-2019-17055', 'CVE-2019-18282', 'CVE-2019-18805', 'CVE-2019-19045', 'CVE-2019-19047', 'CVE-2019-19055', 'CVE-2019-19057', 'CVE-2019-19058', 'CVE-2019-19059', 'CVE-2019-19065', 'CVE-2019-19067', 'CVE-2019-19073', 'CVE-2019-19074', 'CVE-2019-19077', 'CVE-2019-19532', 'CVE-2019-19534', 'CVE-2019-19768', 'CVE-2019-19922', 'CVE-2020-1749', 'CVE-2020-7053', 'CVE-2020-10690');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2020:1769');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:30", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1567 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c (CVE-2019-12819)\n\n - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)\n\n - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)\n\n - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)\n\n - kernel: Null pointer dereference in the sound/usb/line6/driver.c (CVE-2019-15223)\n\n - kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c (CVE-2019-16234)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c (CVE-2019-19045)\n\n - kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c (CVE-2019-19047)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS (CVE-2019-19055)\n\n - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS (CVE-2019-19065)\n\n - kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow for a DoS (CVE-2019-19067)\n\n - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)\n\n - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)\n\n - kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c (CVE-2019-19077)\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)\n\n - kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS (CVE-2019-5108)\n\n - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2020:1567)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-10639", "CVE-2019-12819", "CVE-2019-15090", "CVE-2019-15099", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-16234", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18282", "CVE-2019-18805", "CVE-2019-19045", "CVE-2019-19047", "CVE-2019-19055", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19077", "CVE-2019-19532", "CVE-2019-19534", "CVE-2019-19768", "CVE-2019-19922", "CVE-2019-5108", "CVE-2019-8980", "CVE-2020-10690", "CVE-2020-1749", "CVE-2020-7053"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2020-1567.NASL", "href": "https://www.tenable.com/plugins/nessus/136116", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1567. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136116);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-8980\",\n \"CVE-2019-10639\",\n \"CVE-2019-15090\",\n \"CVE-2019-15099\",\n \"CVE-2019-15221\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18805\",\n \"CVE-2019-19045\",\n \"CVE-2019-19047\",\n \"CVE-2019-19055\",\n \"CVE-2019-19057\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19065\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19077\",\n \"CVE-2019-19534\",\n \"CVE-2019-19768\",\n \"CVE-2019-19922\",\n \"CVE-2020-1749\"\n );\n script_bugtraq_id(107120, 108547, 108768);\n script_xref(name:\"RHSA\", value:\"2020:1567\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2020:1567)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1567 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c (CVE-2019-12819)\n\n - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure\n (CVE-2019-15090)\n\n - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash\n (CVE-2019-15099)\n\n - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)\n\n - kernel: Null pointer dereference in the sound/usb/line6/driver.c (CVE-2019-15223)\n\n - kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c (CVE-2019-16234)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c\n (CVE-2019-19045)\n\n - kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c\n (CVE-2019-19047)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS\n (CVE-2019-19055)\n\n - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c\n allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS\n (CVE-2019-19065)\n\n - kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow\n for a DoS (CVE-2019-19067)\n\n - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)\n (CVE-2019-19073)\n\n - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)\n\n - kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c\n (CVE-2019-19077)\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: information leak bug caused by a malicious USB device in the\n drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound\n applications (CVE-2019-19922)\n\n - kernel: triggering AP to send IAPP location updates for stations before the required authentication\n process has completed can lead to DoS (CVE-2019-5108)\n\n - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service\n (CVE-2019-8980)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open\n (CVE-2020-10690)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-5108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1655162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1679972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1721962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1729933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1749974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1749976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1792512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1795624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1809833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817141\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 125, 190, 200, 250, 319, 400, 416, 440, 476, 772);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-16871', 'CVE-2019-5108', 'CVE-2019-8980', 'CVE-2019-10639', 'CVE-2019-12819', 'CVE-2019-15090', 'CVE-2019-15099', 'CVE-2019-15221', 'CVE-2019-15223', 'CVE-2019-16234', 'CVE-2019-17053', 'CVE-2019-17055', 'CVE-2019-18282', 'CVE-2019-18805', 'CVE-2019-19045', 'CVE-2019-19047', 'CVE-2019-19055', 'CVE-2019-19057', 'CVE-2019-19058', 'CVE-2019-19059', 'CVE-2019-19065', 'CVE-2019-19067', 'CVE-2019-19073', 'CVE-2019-19074', 'CVE-2019-19077', 'CVE-2019-19532', 'CVE-2019-19534', 'CVE-2019-19768', 'CVE-2019-19922', 'CVE-2020-1749', 'CVE-2020-7053', 'CVE-2020-10690');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1567');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.rt13.51.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.rt13.51.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.rt13.51.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.rt13.51.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:18:56", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1769 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c (CVE-2019-12819)\n\n - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)\n\n - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)\n\n - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)\n\n - kernel: Null pointer dereference in the sound/usb/line6/driver.c (CVE-2019-15223)\n\n - kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c (CVE-2019-16234)\n\n - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c (CVE-2019-19045)\n\n - kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c (CVE-2019-19047)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS (CVE-2019-19055)\n\n - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS (CVE-2019-19065)\n\n - kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow for a DoS (CVE-2019-19067)\n\n - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)\n\n - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)\n\n - kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c (CVE-2019-19077)\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)\n\n - kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS (CVE-2019-5108)\n\n - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open (CVE-2020-10690)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2020:1769)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16871", "CVE-2019-10639", "CVE-2019-12819", "CVE-2019-15090", "CVE-2019-15099", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-16234", "CVE-2019-16746", "CVE-2019-17053", "CVE-2019-17055", "CVE-2019-18282", "CVE-2019-18805", "CVE-2019-19045", "CVE-2019-19047", "CVE-2019-19055", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19077", "CVE-2019-19532", "CVE-2019-19534", "CVE-2019-19768", "CVE-2019-19922", "CVE-2019-5108", "CVE-2019-8980", "CVE-2020-10690", "CVE-2020-1749", "CVE-2020-7053"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2020-1769.NASL", "href": "https://www.tenable.com/plugins/nessus/136115", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1769. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136115);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-16871\",\n \"CVE-2019-8980\",\n \"CVE-2019-10639\",\n \"CVE-2019-15090\",\n \"CVE-2019-15099\",\n \"CVE-2019-15221\",\n \"CVE-2019-17053\",\n \"CVE-2019-17055\",\n \"CVE-2019-18805\",\n \"CVE-2019-19045\",\n \"CVE-2019-19047\",\n \"CVE-2019-19055\",\n \"CVE-2019-19057\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19065\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19077\",\n \"CVE-2019-19534\",\n \"CVE-2019-19768\",\n \"CVE-2019-19922\",\n \"CVE-2020-1749\"\n );\n script_bugtraq_id(107120, 108547, 108768);\n script_xref(name:\"RHSA\", value:\"2020:1769\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2020:1769)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1769 advisory.\n\n - kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)\n\n - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)\n\n - kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c (CVE-2019-12819)\n\n - kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure\n (CVE-2019-15090)\n\n - kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash\n (CVE-2019-15099)\n\n - kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)\n\n - kernel: Null pointer dereference in the sound/usb/line6/driver.c (CVE-2019-15223)\n\n - kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c (CVE-2019-16234)\n\n - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)\n\n - kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol (CVE-2019-17053)\n\n - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol (CVE-2019-17055)\n\n - kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)\n\n - kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)\n\n - kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c\n (CVE-2019-19045)\n\n - kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c\n (CVE-2019-19047)\n\n - kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS\n (CVE-2019-19055)\n\n - kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in\n drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)\n\n - kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c\n allows for a DoS (CVE-2019-19058)\n\n - kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS (CVE-2019-19059)\n\n - kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS\n (CVE-2019-19065)\n\n - kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow\n for a DoS (CVE-2019-19067)\n\n - kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)\n (CVE-2019-19073)\n\n - kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)\n\n - kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c\n (CVE-2019-19077)\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: information leak bug caused by a malicious USB device in the\n drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)\n\n - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)\n\n - kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound\n applications (CVE-2019-19922)\n\n - kernel: triggering AP to send IAPP location updates for stations before the required authentication\n process has completed can lead to DoS (CVE-2019-5108)\n\n - kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service\n (CVE-2019-8980)\n\n - kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open\n (CVE-2020-10690)\n\n - kernel: some ipv6 protocols not encrypted over ipsec tunnel (CVE-2020-1749)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-5108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1655162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1679972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1721962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1729933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1749974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1749976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1758248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1771496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1783540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1792512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1795624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1796360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1809833\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1817141\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 120, 125, 190, 200, 250, 319, 400, 416, 440, 476, 772);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2018-16871', 'CVE-2019-5108', 'CVE-2019-8980', 'CVE-2019-10639', 'CVE-2019-12819', 'CVE-2019-15090', 'CVE-2019-15099', 'CVE-2019-15221', 'CVE-2019-15223', 'CVE-2019-16234', 'CVE-2019-16746', 'CVE-2019-17053', 'CVE-2019-17055', 'CVE-2019-18282', 'CVE-2019-18805', 'CVE-2019-19045', 'CVE-2019-19047', 'CVE-2019-19055', 'CVE-2019-19057', 'CVE-2019-19058', 'CVE-2019-19059', 'CVE-2019-19065', 'CVE-2019-19067', 'CVE-2019-19073', 'CVE-2019-19074', 'CVE-2019-19077', 'CVE-2019-19532', 'CVE-2019-19534', 'CVE-2019-19768', 'CVE-2019-19922', 'CVE-2020-1749', 'CVE-2020-7053', 'CVE-2020-10690');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1769');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.el8', 'sp':'2', 'release':'8', 'rpm_spec_vers

Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

Description

Affected Software

Related