This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also requires the functionality be supported by the Intel microcode in use. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (CVE-2018-1128). A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (CVE-2018-1129). A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (CVE-2018-14625). A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (CVE-2018-16862). A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system (CVE-2018-16882). A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (CVE-2018-16884). The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes) (CVE-2018-18397). In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) (CVE-2018-19824). A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service (CVE-2018-19985). An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault) (CVE-2019-3701). A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service (CVE-2019-3819). In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free (CVE-2019-6974). A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system (CVE-2019-7221). An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest (CVE-2019-7222). For other uptstream fixes in this update, see the referenced changelogs.
{"id": "MGASA-2019-0098", "vendorId": null, "type": "mageia", "bulletinFamily": "unix", "title": "Updated kernel-linus packages fix security vulnerabilities\n", "description": "This kernel-linus update is based on the upstream 4.14.100 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also requires the functionality be supported by the Intel microcode in use. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (CVE-2018-1128). A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (CVE-2018-1129). A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (CVE-2018-14625). A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (CVE-2018-16862). A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system (CVE-2018-16882). A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (CVE-2018-16884). The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes) (CVE-2018-18397). In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) (CVE-2018-19824). A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service (CVE-2018-19985). An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault) (CVE-2019-3701). A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (\"root\") can cause a system lock up and a denial of service (CVE-2019-3819). In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free (CVE-2019-6974). A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system (CVE-2019-7221). An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest (CVE-2019-7222). For other uptstream fixes in this update, see the referenced changelogs. \n", "published": "2019-02-20T23:50:36", "modified": "2019-02-20T23:50:36", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 6.0}, "href": "https://advisories.mageia.org/MGASA-2019-0098.html", "reporter": "Gentoo Foundation", "references": ["https://bugs.mageia.org/show_bug.cgi?id=24332", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.79", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.80", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.81", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.82", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.83", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.84", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.85", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.86", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.88", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.89", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.90", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.91", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.92", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.94", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.95", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.96", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.97", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.98", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99", "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.100"], "cvelist": ["CVE-2018-1128", "CVE-2018-1129", "CVE-2018-14625", "CVE-2018-16862", "CVE-2018-16882", "CVE-2018-16884", "CVE-2018-18397", "CVE-2018-19824", "CVE-2018-19985", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "immutableFields": [], "lastseen": "2022-04-18T11:19:34", "viewCount": 1, "enchantments": {"score": {"value": 0.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "altlinux", "idList": ["DA7EB86A979E50AA3788F1F41AC8607F"]}, {"type": "amazon", "idList": ["ALAS-2018-1133", "ALAS-2019-1145", "ALAS-2019-1149", "ALAS-2019-1165", "ALAS2-2018-1133", "ALAS2-2019-1145", "ALAS2-2019-1149", "ALAS2-2019-1165"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-10-01"]}, {"type": "archlinux", "idList": ["ASA-202011-22"]}, {"type": "centos", "idList": ["CESA-2019:0163", "CESA-2019:0818", "CESA-2019:1873", "CESA-2019:2029", "CESA-2020:1016"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:02669B806A06D41B24DA398CE2D4EEFD", "CFOUNDRY:131A4556633D91C9BF0AE72696FADB89", "CFOUNDRY:3021E4215989A1024954356EA766D914", "CFOUNDRY:40058483A2E2195544934D494FF464F7", "CFOUNDRY:5E03935CC08B0E1D17F73625DC599364", "CFOUNDRY:63AC599C6730C4293761CECD360AA195", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "CFOUNDRY:DAEEFC1E9FDBBF02A1D3ACCD6434010C", "CFOUNDRY:DD5D1D9C6111945649F25AEC016BA994"]}, {"type": "cve", "idList": ["CVE-2018-1128", "CVE-2018-1129", "CVE-2018-14625", "CVE-2018-16862", "CVE-2018-16882", "CVE-2018-16884", "CVE-2018-18397", "CVE-2018-19824", "CVE-2018-19985", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2020-25660"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1715-1:4A3F9", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E", "DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DSA-4339-1:24369"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-1128", "DEBIANCVE:CVE-2018-1129", "DEBIANCVE:CVE-2018-14625", "DEBIANCVE:CVE-2018-16862", "DEBIANCVE:CVE-2018-16882", "DEBIANCVE:CVE-2018-16884", "DEBIANCVE:CVE-2018-18397", "DEBIANCVE:CVE-2018-19824", "DEBIANCVE:CVE-2018-19985", "DEBIANCVE:CVE-2019-3701", "DEBIANCVE:CVE-2019-3819", "DEBIANCVE:CVE-2019-6974", "DEBIANCVE:CVE-2019-7221", "DEBIANCVE:CVE-2019-7222", "DEBIANCVE:CVE-2020-25660"]}, {"type": "exploitdb", "idList": ["EDB-ID:45983"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:A7D1F1EE22D287BA7C370716B05F2B20"]}, {"type": "f5", "idList": ["F5:K08413011", "F5:K11186236", "F5:K12915342", "F5:K17957133", "F5:K21430012", "F5:K80557033", "F5:K98155950"]}, {"type": "fedora", "idList": ["FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:122AE604D3F9", "FEDORA:1CAC0608E6F2", "FEDORA:20DCB60779B2", "FEDORA:22D77604972B", "FEDORA:250CB6087A80", "FEDORA:2836F613193B", "FEDORA:296826040AED", "FEDORA:2A1B360BC974", "FEDORA:2CDD76006271", "FEDORA:3266960F0E44", "FEDORA:3C2FF6014B8C", "FEDORA:3C394606D98F", "FEDORA:41B546014626", "FEDORA:434906215647", "FEDORA:4A22960A514A", "FEDORA:4C97F60A514A", "FEDORA:4CEF5610D7CA", "FEDORA:4CF35608BFEA", "FEDORA:4D5AD601FDAC", "FEDORA:4D8AE60BA793", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:54CE66014B8C", "FEDORA:5956060491DC", "FEDORA:5A4D662AE22C", "FEDORA:5B68260A5858", "FEDORA:690DE6022BA8", "FEDORA:69EFB60B9EEF", "FEDORA:6B66A6047312", "FEDORA:6B6B360567FC", "FEDORA:6E67663233DB", "FEDORA:7960A6049C56", "FEDORA:79EAC605FC25", "FEDORA:7C149604D4D2", "FEDORA:85FBF6076011", "FEDORA:86049613F7DD", "FEDORA:89C9C6051B3A", "FEDORA:8BE0F60BB4E1", "FEDORA:8FD3E60491BA", "FEDORA:93C27603B29E", "FEDORA:9575D60062E1", "FEDORA:95A686085F81", "FEDORA:98E8F6079A11", "FEDORA:9B9346230079", "FEDORA:9BC696049C57", "FEDORA:9E3D9606D195", "FEDORA:AAA6460491BA", "FEDORA:B7617604D9DA", "FEDORA:B87B460876BA", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:C49D061F375F", "FEDORA:C4D496071279", "FEDORA:C586560BC79C", "FEDORA:C64AE6007F37", "FEDORA:C6AF860C4240", "FEDORA:D091860478FA", "FEDORA:D2B426045A04", "FEDORA:DBB1B659CBE0", "FEDORA:E37FD60924F1", "FEDORA:E88866014636", "FEDORA:E93AE6077DCD", "FEDORA:EDD0160BE19F", "FEDORA:EEC036047C93", "FEDORA:EF6BA6045A0C", "FEDORA:F417F60477C5"]}, {"type": "ibm", "idList": ["2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "4BB2759DF5CBB6BF54A7D60BF1046942C755D661255DAAC4EF3C0614D1A3AF9A", "6F75059EBDF719D84C8DC0CA4BAADF9428544BDAFCEEAE62F4225A55CA1E8AF0", "9148A44BD9A1C1A13CCEBD8F0346557CF005830103920CDDC01519240525CB58"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2018-0487", "MGASA-2019-0097", "MGASA-2019-0171"]}, {"type": "nessus", "idList": ["AL2_ALAS-2018-1133.NASL", "AL2_ALAS-2019-1145.NASL", "AL2_ALAS-2019-1149.NASL", "AL2_ALAS-2019-1165.NASL", "ALA_ALAS-2018-1133.NASL", "ALA_ALAS-2019-1145.NASL", "ALA_ALAS-2019-1149.NASL", "ALA_ALAS-2019-1165.NASL", "CENTOS8_RHSA-2019-2703.NASL", "CENTOS8_RHSA-2019-3517.NASL", "CENTOS_RHSA-2019-0163.NASL", "CENTOS_RHSA-2019-0818.NASL", "CENTOS_RHSA-2019-1873.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2020-1016.NASL", "DEBIAN_DLA-1715.NASL", "DEBIAN_DLA-1731.NASL", "DEBIAN_DLA-1771.NASL", "DEBIAN_DSA-4339.NASL", "EULEROS_SA-2019-1028.NASL", "EULEROS_SA-2019-1076.NASL", "EULEROS_SA-2019-1131.NASL", "EULEROS_SA-2019-1156.NASL", "EULEROS_SA-2019-1234.NASL", "EULEROS_SA-2019-1244.NASL", "EULEROS_SA-2019-1253.NASL", "EULEROS_SA-2019-1255.NASL", "EULEROS_SA-2019-1259.NASL", "EULEROS_SA-2019-1302.NASL", "EULEROS_SA-2019-1303.NASL", "EULEROS_SA-2019-1304.NASL", "EULEROS_SA-2019-1369.NASL", "EULEROS_SA-2019-1370.NASL", "EULEROS_SA-2019-1372.NASL", "EULEROS_SA-2019-1450.NASL", "EULEROS_SA-2019-1482.NASL", "EULEROS_SA-2019-1486.NASL", "EULEROS_SA-2019-1512.NASL", "EULEROS_SA-2019-1514.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-1525.NASL", "EULEROS_SA-2019-1526.NASL", "EULEROS_SA-2019-1531.NASL", "EULEROS_SA-2019-1586.NASL", "EULEROS_SA-2019-1587.NASL", "EULEROS_SA-2019-1636.NASL", "EULEROS_SA-2019-1793.NASL", "EULEROS_SA-2019-2201.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1269.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1808.NASL", "EULEROS_SA-2021-2392.NASL", "EULEROS_SA-2022-1735.NASL", "F5_BIGIP_SOL11186236.NASL", "F5_BIGIP_SOL83102920.NASL", "FEDORA_2018-2645EB8DAB.NASL", "FEDORA_2018-327707371E.NASL", "FEDORA_2018-3857A8B41A.NASL", "FEDORA_2018-5904D0794D.NASL", "FEDORA_2018-6E8C330D50.NASL", "FEDORA_2018-8738F5F4A7.NASL", "FEDORA_2018-87BA0312C2.NASL", "FEDORA_2018-A0914AF224.NASL", "FEDORA_2019-164946AA7F.NASL", "FEDORA_2019-20A89CA9AF.NASL", "FEDORA_2019-337484D88B.NASL", "FEDORA_2019-3DA64F3E61.NASL", "FEDORA_2019-B0F7A7B74B.NASL", "NEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0074_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0076_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0077_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0085_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0086_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0180_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0183_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0247_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0253_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2021-0098_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0026_KERNEL.NASL", "OPENSUSE-2018-1016.NASL", "OPENSUSE-2018-1140.NASL", "OPENSUSE-2018-854.NASL", "OPENSUSE-2019-1193.NASL", "OPENSUSE-2019-1284.NASL", "OPENSUSE-2019-140.NASL", "OPENSUSE-2019-203.NASL", "OPENSUSE-2019-274.NASL", "OPENSUSE-2019-65.NASL", "OPENSUSE-2019-769.NASL", "OPENSUSE-2020-543.NASL", "ORACLELINUX_ELSA-2019-0163.NASL", "ORACLELINUX_ELSA-2019-0818.NASL", "ORACLELINUX_ELSA-2019-1873.NASL", "ORACLELINUX_ELSA-2019-2703.NASL", "ORACLELINUX_ELSA-2019-4509.NASL", "ORACLELINUX_ELSA-2019-4510.NASL", "ORACLELINUX_ELSA-2019-4528.NASL", "ORACLELINUX_ELSA-2019-4541.NASL", "ORACLELINUX_ELSA-2019-4570.NASL", "ORACLELINUX_ELSA-2019-4575.NASL", "ORACLELINUX_ELSA-2019-4596.NASL", "ORACLELINUX_ELSA-2019-4600.NASL", "ORACLELINUX_ELSA-2019-4612.NASL", "ORACLELINUX_ELSA-2019-4642.NASL", "ORACLELINUX_ELSA-2019-4643.NASL", "ORACLELINUX_ELSA-2019-4644.NASL", "ORACLELINUX_ELSA-2019-4646.NASL", "ORACLELINUX_ELSA-2019-4670.NASL", "ORACLELINUX_ELSA-2020-5841.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLEVM_OVMSA-2019-0002.NASL", "ORACLEVM_OVMSA-2019-0009.NASL", "ORACLEVM_OVMSA-2019-0014.NASL", "ORACLEVM_OVMSA-2019-0022.NASL", "ORACLEVM_OVMSA-2019-0024.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "PHOTONOS_PHSA-2019-1_0-0205_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0211_LINUX.NASL", "PHOTONOS_PHSA-2019-2_0-0138_LINUX.NASL", "REDHAT-RHSA-2018-2177.NASL", "REDHAT-RHSA-2018-2261.NASL", "REDHAT-RHSA-2019-0163.NASL", "REDHAT-RHSA-2019-0202.NASL", "REDHAT-RHSA-2019-0324.NASL", "REDHAT-RHSA-2019-0818.NASL", "REDHAT-RHSA-2019-0831.NASL", "REDHAT-RHSA-2019-0833.NASL", "REDHAT-RHSA-2019-1873.NASL", "REDHAT-RHSA-2019-1891.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2019-2696.NASL", "REDHAT-RHSA-2019-2703.NASL", "REDHAT-RHSA-2019-2730.NASL", "REDHAT-RHSA-2019-2741.NASL", "REDHAT-RHSA-2019-2809.NASL", "REDHAT-RHSA-2019-3309.NASL", "REDHAT-RHSA-2019-3517.NASL", "REDHAT-RHSA-2019-3967.NASL", "REDHAT-RHSA-2019-4058.NASL", "REDHAT-RHSA-2019-4154.NASL", "REDHAT-RHSA-2020-0103.NASL", "REDHAT-RHSA-2020-0204.NASL", "REDHAT-RHSA-2020-1016.NASL", "REDHAT-RHSA-2020-1070.NASL", "REDHAT-RHSA-2020-2854.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SLACKWARE_SSA_2019-169-01.NASL", "SL_20190129_KERNEL_ON_SL7_X.NASL", "SL_20190423_KERNEL_ON_SL7_X.NASL", "SL_20190729_KERNEL_ON_SL7_X.NASL", "SL_20190806_KERNEL_ON_SL7_X.NASL", "SL_20200407_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2018-2193-1.NASL", "SUSE_SU-2018-2478-1.NASL", "SUSE_SU-2018-2776-1.NASL", "SUSE_SU-2018-2858-1.NASL", "SUSE_SU-2018-2980-1.NASL", "SUSE_SU-2018-4069-1.NASL", "SUSE_SU-2019-0148-1.NASL", "SUSE_SU-2019-0196-1.NASL", "SUSE_SU-2019-0222-1.NASL", "SUSE_SU-2019-0224-1.NASL", "SUSE_SU-2019-0326-1.NASL", "SUSE_SU-2019-0356-1.NASL", "SUSE_SU-2019-0439-1.NASL", "SUSE_SU-2019-0541-1.NASL", "SUSE_SU-2019-0586-1.NASL", "SUSE_SU-2019-0645-1.NASL", "SUSE_SU-2019-0672-1.NASL", "SUSE_SU-2019-0683-1.NASL", "SUSE_SU-2019-0709-1.NASL", "SUSE_SU-2019-0722-1.NASL", "SUSE_SU-2019-0765-1.NASL", "SUSE_SU-2019-0767-1.NASL", "SUSE_SU-2019-0784-1.NASL", "SUSE_SU-2019-0828-1.NASL", "SUSE_SU-2019-0901-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "SUSE_SU-2019-13979-1.NASL", "SUSE_SU-2019-2263-1.NASL", "SUSE_SU-2019-2299-1.NASL", "SUSE_SU-2020-1118-1.NASL", "SUSE_SU-2020-1119-1.NASL", "SUSE_SU-2020-1123-1.NASL", "SUSE_SU-2020-1141-1.NASL", "SUSE_SU-2020-1142-1.NASL", "SUSE_SU-2020-1146-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-1275-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "UBUNTU_USN-3871-1.NASL", "UBUNTU_USN-3871-2.NASL", "UBUNTU_USN-3871-3.NASL", "UBUNTU_USN-3871-4.NASL", "UBUNTU_USN-3871-5.NASL", "UBUNTU_USN-3872-1.NASL", "UBUNTU_USN-3878-1.NASL", "UBUNTU_USN-3878-2.NASL", "UBUNTU_USN-3879-1.NASL", "UBUNTU_USN-3879-2.NASL", "UBUNTU_USN-3901-1.NASL", "UBUNTU_USN-3901-2.NASL", "UBUNTU_USN-3903-1.NASL", "UBUNTU_USN-3903-2.NASL", "UBUNTU_USN-3910-1.NASL", "UBUNTU_USN-3910-2.NASL", "UBUNTU_USN-3930-1.NASL", "UBUNTU_USN-3930-2.NASL", "UBUNTU_USN-3931-1.NASL", "UBUNTU_USN-3931-2.NASL", "UBUNTU_USN-3932-1.NASL", "UBUNTU_USN-3932-2.NASL", "UBUNTU_USN-3933-1.NASL", "UBUNTU_USN-3980-1.NASL", "UBUNTU_USN-3980-2.NASL", "UBUNTU_USN-3981-1.NASL", "UBUNTU_USN-3981-2.NASL", "UBUNTU_USN-4094-1.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4706-1.NASL", "VIRTUOZZO_VZA-2018-089.NASL", "VIRTUOZZO_VZA-2019-006.NASL", "VIRTUOZZO_VZA-2019-042.NASL", "VIRTUOZZO_VZA-2019-045.NASL", "VIRTUOZZO_VZA-2019-046.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704339", "OPENVAS:1361412562310843884", "OPENVAS:1361412562310843885", "OPENVAS:1361412562310843891", "OPENVAS:1361412562310843892", "OPENVAS:1361412562310843893", "OPENVAS:1361412562310843894", "OPENVAS:1361412562310843895", "OPENVAS:1361412562310843897", "OPENVAS:1361412562310843903", "OPENVAS:1361412562310843904", "OPENVAS:1361412562310843923", "OPENVAS:1361412562310843924", "OPENVAS:1361412562310843926", "OPENVAS:1361412562310843927", "OPENVAS:1361412562310843934", "OPENVAS:1361412562310843935", "OPENVAS:1361412562310843951", "OPENVAS:1361412562310843952", "OPENVAS:1361412562310843953", "OPENVAS:1361412562310843954", "OPENVAS:1361412562310843957", "OPENVAS:1361412562310843959", "OPENVAS:1361412562310843960", "OPENVAS:1361412562310844006", "OPENVAS:1361412562310844009", "OPENVAS:1361412562310844010", "OPENVAS:1361412562310844012", "OPENVAS:1361412562310844133", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310851846", "OPENVAS:1361412562310851895", "OPENVAS:1361412562310852091", "OPENVAS:1361412562310852240", "OPENVAS:1361412562310852274", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310852420", "OPENVAS:1361412562310852458", "OPENVAS:1361412562310853121", "OPENVAS:1361412562310874826", "OPENVAS:1361412562310874898", "OPENVAS:1361412562310875325", "OPENVAS:1361412562310875326", "OPENVAS:1361412562310875330", "OPENVAS:1361412562310875348", "OPENVAS:1361412562310875349", "OPENVAS:1361412562310875356", "OPENVAS:1361412562310875368", "OPENVAS:1361412562310875369", "OPENVAS:1361412562310875371", "OPENVAS:1361412562310875404", "OPENVAS:1361412562310875406", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875421", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875426", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875458", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875460", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875628", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310875801", "OPENVAS:1361412562310875834", "OPENVAS:1361412562310875870", "OPENVAS:1361412562310875910", "OPENVAS:1361412562310875913", "OPENVAS:1361412562310875923", "OPENVAS:1361412562310875946", "OPENVAS:1361412562310875952", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876095", "OPENVAS:1361412562310876105", "OPENVAS:1361412562310876135", "OPENVAS:1361412562310876177", "OPENVAS:1361412562310876281", "OPENVAS:1361412562310876290", "OPENVAS:1361412562310876300", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876423", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310882997", "OPENVAS:1361412562310883045", "OPENVAS:1361412562310883095", "OPENVAS:1361412562310891715", "OPENVAS:1361412562310891731", "OPENVAS:1361412562310891771", "OPENVAS:1361412562311220191028", "OPENVAS:1361412562311220191076", "OPENVAS:1361412562311220191131", "OPENVAS:1361412562311220191156", "OPENVAS:1361412562311220191234", "OPENVAS:1361412562311220191244", "OPENVAS:1361412562311220191253", "OPENVAS:1361412562311220191255", "OPENVAS:1361412562311220191259", "OPENVAS:1361412562311220191302", "OPENVAS:1361412562311220191303", "OPENVAS:1361412562311220191304", "OPENVAS:1361412562311220191369", "OPENVAS:1361412562311220191370", "OPENVAS:1361412562311220191372", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562311220191482", "OPENVAS:1361412562311220191486", "OPENVAS:1361412562311220191512", "OPENVAS:1361412562311220191514", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191525", "OPENVAS:1361412562311220191526", "OPENVAS:1361412562311220191531", "OPENVAS:1361412562311220191586", "OPENVAS:1361412562311220191587", "OPENVAS:1361412562311220191636", "OPENVAS:1361412562311220191793", "OPENVAS:1361412562311220192201", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201269"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-0163", "ELSA-2019-0818", "ELSA-2019-1873", "ELSA-2019-2029", "ELSA-2019-2703", "ELSA-2019-3517", "ELSA-2019-4509", "ELSA-2019-4510", "ELSA-2019-4528", "ELSA-2019-4541", "ELSA-2019-4570", "ELSA-2019-4575", "ELSA-2019-4596", "ELSA-2019-4600", "ELSA-2019-4612", "ELSA-2019-4642", "ELSA-2019-4643", "ELSA-2019-4644", "ELSA-2019-4646", "ELSA-2019-4670", "ELSA-2020-1016", "ELSA-2020-5841", "ELSA-2020-5845", "ELSA-2020-5866"]}, {"type": "osv", "idList": ["OSV:DLA-1715-1", "OSV:DLA-1731-1", "OSV:DLA-1771-1", "OSV:DSA-4339-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:150748"]}, {"type": "photon", "idList": ["PHSA-2019-0007", "PHSA-2019-0128", "PHSA-2019-0138", "PHSA-2019-0142", "PHSA-2019-0159", "PHSA-2019-0206", "PHSA-2019-0211", "PHSA-2019-0212", "PHSA-2019-0221", "PHSA-2019-0224", "PHSA-2019-1.0-0205", "PHSA-2019-1.0-0206", "PHSA-2019-1.0-0211", "PHSA-2019-1.0-0212", "PHSA-2019-1.0-0221", "PHSA-2019-1.0-0224", "PHSA-2019-2.0-0128", "PHSA-2019-2.0-0138", "PHSA-2019-2.0-0142", "PHSA-2019-2.0-0159"]}, {"type": "redhat", "idList": ["RHSA-2018:2177", "RHSA-2018:2179", "RHSA-2018:2261", "RHSA-2018:2274", "RHSA-2019:0163", "RHSA-2019:0202", "RHSA-2019:0324", "RHSA-2019:0818", "RHSA-2019:0831", "RHSA-2019:0833", "RHSA-2019:1873", "RHSA-2019:1891", "RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2019:2696", "RHSA-2019:2703", "RHSA-2019:2730", "RHSA-2019:2741", "RHSA-2019:2809", "RHSA-2019:3309", "RHSA-2019:3517", "RHSA-2019:3967", "RHSA-2019:4058", "RHSA-2019:4154", "RHSA-2020:0103", "RHSA-2020:0204", "RHSA-2020:1016", "RHSA-2020:1070", "RHSA-2020:2854"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-1128", "RH:CVE-2018-1129", "RH:CVE-2018-14625", "RH:CVE-2018-16862", "RH:CVE-2018-16882", "RH:CVE-2018-16884", "RH:CVE-2018-18397", "RH:CVE-2018-19824", "RH:CVE-2018-19985", "RH:CVE-2019-3701", "RH:CVE-2019-3819", "RH:CVE-2019-6974", "RH:CVE-2019-7221", "RH:CVE-2019-7222", "RH:CVE-2020-25660"]}, {"type": "slackware", "idList": ["SSA-2019-030-01", "SSA-2019-169-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2283-1", "OPENSUSE-SU-2018:2738-1", "OPENSUSE-SU-2018:3071-1", "OPENSUSE-SU-2019:0065-1", "OPENSUSE-SU-2019:0140-1", "OPENSUSE-SU-2019:0203-1", "OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:1193-1", "OPENSUSE-SU-2019:1284-1", "OPENSUSE-SU-2020:0543-1"]}, {"type": "ubuntu", "idList": ["USN-3871-1", "USN-3871-2", "USN-3871-3", "USN-3871-4", "USN-3871-5", "USN-3872-1", "USN-3878-1", "USN-3878-2", "USN-3878-3", "USN-3879-1", "USN-3879-2", "USN-3901-1", "USN-3901-2", "USN-3903-1", "USN-3903-2", "USN-3910-1", "USN-3910-2", "USN-3930-1", "USN-3930-2", "USN-3931-1", "USN-3931-2", "USN-3932-1", "USN-3932-2", "USN-3933-1", "USN-3933-2", "USN-3980-1", "USN-3980-2", "USN-3981-1", "USN-3981-2", "USN-4094-1", "USN-4115-1", "USN-4115-2", "USN-4118-1", "USN-4706-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-1128", "UB:CVE-2018-1129", "UB:CVE-2018-14625", "UB:CVE-2018-16862", "UB:CVE-2018-16882", "UB:CVE-2018-16884", "UB:CVE-2018-18397", "UB:CVE-2018-19824", "UB:CVE-2018-19985", "UB:CVE-2019-3701", "UB:CVE-2019-3819", "UB:CVE-2019-6974", "UB:CVE-2019-7221", "UB:CVE-2019-7222", "UB:CVE-2020-25660"]}, {"type": "veracode", "idList": ["VERACODE:20976", "VERACODE:21041", "VERACODE:21074", "VERACODE:21817", "VERACODE:29326"]}, {"type": "virtuozzo", "idList": ["VZA-2018-089", "VZA-2019-006", "VZA-2019-042", "VZA-2019-045", "VZA-2019-046"]}, {"type": "zdt", "idList": ["1337DAY-ID-31779", "1337DAY-ID-32199"]}]}, "vulnersScore": 0.0}, "_state": {"dependencies": 1659998956, "score": 1659973262}, "_internal": {"score_hash": "15f13d27842d14b470bf821941939669"}, "affectedPackage": [{"OS": "Mageia", "OSVersion": "6", "arch": "noarch", "packageVersion": "4.14.100-1", "operator": "lt", "packageFilename": "kernel-linus-4.14.100-1.mga6", "packageName": "kernel-linus"}]}
{"mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "This kernel update is based on the upstream 4.14.100 and fixes at least the following security issues: A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system (CVE-2018-16882). A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (CVE-2018-16884). A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service (CVE-2018-19985). An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault) (CVE-2019-3701). A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (\"root\") can cause a system lock up and a denial of service (CVE-2019-3819). In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free (CVE-2019-6974). A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system (CVE-2019-7221). An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest (CVE-2019-7222). Other fixes in this update: * Ndiswrapper has been updated to 1.62 * WireGuard has been updated to 0.0.20190123 For other uptstream fixes in this update, see the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-02-20T23:50:36", "type": "mageia", "title": "Updated kernel packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16882", "CVE-2018-16884", "CVE-2018-19985", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2019-02-20T23:50:36", "id": "MGASA-2019-0097", "href": "https://advisories.mageia.org/MGASA-2019-0097.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "This kernel update is based on the upstream 4.14.89 and fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also requires the functionality be supported by the Intel microcode in use. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (CVE-2018-1128). A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (CVE-2018-1129). A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (CVE-2018-14625). A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (CVE-2018-16862). The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes) (CVE-2018-18397). In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) (CVE-2018-19824). For other uptstream fixes in this update, see the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-21T21:28:39", "type": "mageia", "title": "Updated kernel packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1128", "CVE-2018-1129", "CVE-2018-14625", "CVE-2018-16862", "CVE-2018-18397", "CVE-2018-19824"], "modified": "2018-12-21T21:28:39", "id": "MGASA-2018-0487", "href": "https://advisories.mageia.org/MGASA-2018-0487.html", "cvss": {"score": 5.4, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling (MDS, also called ZombieLoad attack) vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigations new microcode is also needed, either by installing the microcode-0.20190514-1.mga6 package, or get an updated bios / uefi firmware from the motherboard vendor. The fixed / mitigated issues are: Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) Microprocessors use a \u2018load port\u2019 subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU\u2019s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091) It also fixes at least the following security issues: Cross-hyperthread Spectre v2 mitigation is now provided by the Single Thread Indirect Branch Predictors (STIBP) support. Note that STIBP also requires the functionality be supported by the Intel microcode in use. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (CVE-2018-1128). A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (CVE-2018-1129). A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (CVE-2018-14625). A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (CVE-2018-16862). A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system (CVE-2018-16882). A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (CVE-2018-16884). The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes) (CVE-2018-18397). In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) (CVE-2018-19824). A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service (CVE-2018-19985). Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM (CVE-2018-1000026) An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault) (CVE-2019-3701). A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (\"root\") can cause a system lock up and a denial of service (CVE-2019-3819). A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (CVE-2019-3882). In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free (CVE-2019-6974). A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system (CVE-2019-7221). An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest (CVE-2019-7222). kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (CVE-2019-7308). In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (CVE-2019-9213). The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions (CVE-2019-11486). The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls (CVE-2019-11599). It also fixes signal handling issues causing powertop to crash and some tracing tools to fail on execve tests. Ndiswrapper has been updated to 1.62 WireGuard has been updated to 0.0.20190406. For other uptstream fixes in this update, see the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-05-16T08:25:22", "type": "mageia", "title": "Updated kernel-tmb packages fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000026", "CVE-2018-1128", "CVE-2018-1129", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-14625", "CVE-2018-16862", "CVE-2018-16882", "CVE-2018-16884", "CVE-2018-18397", "CVE-2018-19824", "CVE-2018-19985", "CVE-2019-11091", "CVE-2019-11486", "CVE-2019-11599", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3882", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-9213"], "modified": "2019-05-16T08:25:22", "id": "MGASA-2019-0171", "href": "https://advisories.mageia.org/MGASA-2019-0171.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-07-21T08:18:40", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2018-14625](https://security-tracker.debian.org/tracker/CVE-2018-14625)\nA use-after-free bug was found in the vhost driver for the Virtual\n Socket protocol. If this driver is used to communicate with a\n malicious virtual machine guest, the guest could read sensitive\n information from the host kernel.\n* [CVE-2018-16884](https://security-tracker.debian.org/tracker/CVE-2018-16884)\nA flaw was found in the NFS 4.1 client implementation. Mounting\n NFS shares in multiple network namespaces at the same time could\n lead to a user-after-free. Local users might be able to use this\n for denial of service (memory corruption or crash) or possibly\n for privilege escalation.\n\n\nThis can be mitigated by disabling unprivileged users from\n creating user namespaces, which is the default in Debian.\n* [CVE-2018-19824](https://security-tracker.debian.org/tracker/CVE-2018-19824)\nHui Peng and Mathias Payer discovered a use-after-free bug in the\n USB audio driver. A physically present attacker able to attach a\n specially designed USB device could use this for privilege\n escalation.\n* [CVE-2018-19985](https://security-tracker.debian.org/tracker/CVE-2018-19985)\nHui Peng and Mathias Payer discovered a missing bounds check in the\n hso USB serial driver. A physically present user able to attach a\n specially designed USB device could use this to read sensitive\n information from the kernel or to cause a denial of service\n (crash).\n* [CVE-2018-20169](https://security-tracker.debian.org/tracker/CVE-2018-20169)\nHui Peng and Mathias Payer discovered missing bounds checks in the\n USB core. A physically present attacker able to attach a specially\n designed USB device could use this to cause a denial of service\n (crash) or possibly for privilege escalation.\n* [CVE-2018-1000026](https://security-tracker.debian.org/tracker/CVE-2018-1000026)\nIt was discovered that Linux could forward aggregated network\n packets with a segmentation size too large for the output device.\n In the specific case of Broadcom NetXtremeII 10Gb adapters, this\n would result in a denial of service (firmware crash). This update\n adds a mitigation to the bnx2x driver for this hardware.\n* [CVE-2019-3459](https://security-tracker.debian.org/tracker/CVE-2019-3459), [CVE-2019-3460](https://security-tracker.debian.org/tracker/CVE-2019-3460)\nShlomi Oberman, Yuli Shapiro and Karamba Security Ltd. research\n team discovered missing range checks in the Bluetooth L2CAP\n implementation. If Bluetooth is enabled, a nearby attacker\n could use these to read sensitive information from the kernel.\n* [CVE-2019-3701](https://security-tracker.debian.org/tracker/CVE-2019-3701)\nMuyu Yu and Marcus Meissner reported that the CAN gateway\n implementation allowed the frame length to be modified, typically\n resulting in out-of-bounds memory-mapped I/O writes. On a system\n with CAN devices present, a local user with CAP\\_NET\\_ADMIN\n capability in the initial net namespace could use this to cause a\n crash (oops) or other hardware-dependent impact.\n* [CVE-2019-3819](https://security-tracker.debian.org/tracker/CVE-2019-3819)\nA potential infinite loop was discovered in the HID debugfs\n interface exposed under /sys/kernel/debug/hid. A user with access\n to these files could use this for denial of service.\n\n\nThis interface is only accessible to root by default, which fully\n mitigates the issue.\n* [CVE-2019-6974](https://security-tracker.debian.org/tracker/CVE-2019-6974)\nJann Horn reported a use-after-free bug in KVM. A local user\n with access to /dev/kvm could use this to cause a denial of\n service (memory corruption or crash) or possibly for privilege\n escalation.\n* [CVE-2019-7221](https://security-tracker.debian.org/tracker/CVE-2019-7221)\nJim Mattson and Felix Wilhelm reported a user-after-free bug in\n KVM's nested VMX implementation. On systems with Intel CPUs, a\n local user with access to /dev/kvm could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation.\n\n\nNested VMX is disabled by default, which fully mitigates the\n issue.\n* [CVE-2019-7222](https://security-tracker.debian.org/tracker/CVE-2019-7222)\nFelix Wilhelm reported an information leak in KVM for x86.\n A local user with access to /dev/kvm could use this to read\n sensitive information from the kernel.\n* [CVE-2019-8980](https://security-tracker.debian.org/tracker/CVE-2019-8980)\nA bug was discovered in the kernel\\_read\\_file() function used to\n load firmware files. In certain error conditions it could leak\n memory, which might lead to a denial of service. This is probbaly\n not exploitable in a Debian system.\n* [CVE-2019-9213](https://security-tracker.debian.org/tracker/CVE-2019-9213)\nJann Horn reported that privileged tasks could cause stack\n segments, including those in other processes, to grow downward to\n address 0. On systems lacking SMAP (x86) or PAN (ARM), this\n exacerbated other vulnerabilities: a null pointer dereference\n could be exploited for privilege escalation rather than only for\n denial of service.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n4.9.168-1~deb8u1. This version also includes fixes for Debian\nbugs #904385, #918103, and #922306; and other fixes included in upstream\nstable updates.\n\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9\npackages. You will need to use `apt-get upgrade --with-new-pkgs`\nor `apt upgrade` as the binary package names have changed.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-03T00:00:00", "type": "osv", "title": "linux-4.9 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000026", "CVE-2018-14625", "CVE-2018-16884", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-8980", "CVE-2019-9213"], "modified": "2022-07-21T05:52:37", "id": "OSV:DLA-1771-1", "href": "https://osv.dev/vulnerability/DLA-1771-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:18:33", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2016-10741](https://security-tracker.debian.org/tracker/CVE-2016-10741)\nA race condition was discovered in XFS that would result in a\n crash (BUG). A local user permitted to write to an XFS volume\n could use this for denial of service.\n* [CVE-2017-5753](https://security-tracker.debian.org/tracker/CVE-2017-5753)\nFurther instances of code that was vulnerable to Spectre variant 1\n (bounds-check bypass) have been mitigated.\n* [CVE-2017-13305](https://security-tracker.debian.org/tracker/CVE-2017-13305)\nA memory over-read was discovered in the keys subsystem's\n encrypted key type. A local user could use this for denial of\n service or possibly to read sensitive information.\n* [CVE-2018-3639](https://security-tracker.debian.org/tracker/CVE-2018-3639) (SSB)\n\n Multiple researchers have discovered that Speculative Store Bypass\n (SSB), a feature implemented in many processors, could be used to\n read sensitive information from another context. In particular,\n code in a software sandbox may be able to read sensitive\n information from outside the sandbox. This issue is also known as\n Spectre variant 4.\n\n\nThis update fixes bugs in the mitigations for SSB for AMD\n processors.\n* [CVE-2018-5848](https://security-tracker.debian.org/tracker/CVE-2018-5848)\nThe wil6210 wifi driver did not properly validate lengths in scan\n and connection requests, leading to a possible buffer overflow.\n On systems using this driver, a local user with the CAP\\_NET\\_ADMIN\n capability could use this for denial of service (memory corruption\n or crash) or potentially for privilege escalation.\n* [CVE-2018-5953](https://security-tracker.debian.org/tracker/CVE-2018-5953)\nThe swiotlb subsystem printed kernel memory addresses to the\n system log, which could help a local attacker to exploit other\n vulnerabilities.\n* [CVE-2018-12896](https://security-tracker.debian.org/tracker/CVE-2018-12896), [CVE-2018-13053](https://security-tracker.debian.org/tracker/CVE-2018-13053)\nTeam OWL337 reported possible integer overflows in the POSIX\n timer implementation. These might have some security impact.\n* [CVE-2018-16862](https://security-tracker.debian.org/tracker/CVE-2018-16862)\nVasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team\n discovered that the cleancache memory management feature did not\n invalidate cached data for deleted files. On Xen guests using the\n tmem driver, local users could potentially read data from other\n users' deleted files if they were able to create new files on the\n same volume.\n* [CVE-2018-16884](https://security-tracker.debian.org/tracker/CVE-2018-16884)\nA flaw was found in the NFS 4.1 client implementation. Mounting\n NFS shares in multiple network namespaces at the same time could\n lead to a user-after-free. Local users might be able to use this\n for denial of service (memory corruption or crash) or possibly\n for privilege escalation.\n\n\nThis can be mitigated by disabling unprivileged users from\n creating user namespaces, which is the default in Debian.\n* [CVE-2018-17972](https://security-tracker.debian.org/tracker/CVE-2018-17972)\nJann Horn reported that the /proc/\\*/stack files in procfs leaked\n sensitive data from the kernel. These files are now only readable\n by users with the CAP\\_SYS\\_ADMIN capability (usually only root)\n* [CVE-2018-18281](https://security-tracker.debian.org/tracker/CVE-2018-18281)\nJann Horn reported a race condition in the virtual memory manager\n that can result in a process briefly having access to memory after\n it is freed and reallocated. A local user permitted to create\n containers could possibly exploit this for denial of service\n (memory corruption) or for privilege escalation.\n* [CVE-2018-18690](https://security-tracker.debian.org/tracker/CVE-2018-18690)\nKanda Motohiro reported that XFS did not correctly handle some\n xattr (extended attribute) writes that require changing the disk\n format of the xattr. A user with access to an XFS volume could use\n this for denial of service.\n* [CVE-2018-18710](https://security-tracker.debian.org/tracker/CVE-2018-18710)\nIt was discovered that the cdrom driver does not correctly\n validate the parameter to the CDROM\\_SELECT\\_DISC ioctl. A user with\n access to a cdrom device could use this to read sensitive\n information from the kernel or to cause a denial of service\n (crash).\n* [CVE-2018-19824](https://security-tracker.debian.org/tracker/CVE-2018-19824)\nHui Peng and Mathias Payer discovered a use-after-free bug in the\n USB audio driver. A physically present attacker able to attach a\n specially designed USB device could use this for privilege\n escalation.\n* [CVE-2018-19985](https://security-tracker.debian.org/tracker/CVE-2018-19985)\nHui Peng and Mathias Payer discovered a missing bounds check in the\n hso USB serial driver. A physically present user able to attach a\n specially designed USB device could use this to read sensitive\n information from the kernel or to cause a denial of service\n (crash).\n* [CVE-2018-20169](https://security-tracker.debian.org/tracker/CVE-2018-20169)\nHui Peng and Mathias Payer discovered missing bounds checks in the\n USB core. A physically present attacker able to attach a specially\n designed USB device could use this to cause a denial of service\n (crash) or possibly for privilege escalation.\n* [CVE-2018-20511](https://security-tracker.debian.org/tracker/CVE-2018-20511)\nInfoSect reported an information leak in the AppleTalk IP/DDP\n implemntation. A local user with CAP\\_NET\\_ADMIN capability could\n use this to read sensitive information from the kernel.\n* [CVE-2019-3701](https://security-tracker.debian.org/tracker/CVE-2019-3701)\nMuyu Yu and Marcus Meissner reported that the CAN gateway\n implementation allowed the frame length to be modified, typically\n resulting in out-of-bounds memory-mapped I/O writes. On a system\n with CAN devices present, a local user with CAP\\_NET\\_ADMIN\n capability in the initial net namespace could use this to cause a\n crash (oops) or other hardware-dependent impact.\n* [CVE-2019-3819](https://security-tracker.debian.org/tracker/CVE-2019-3819)\nA potential infinite loop was discovered in the HID debugfs\n interface exposed under /sys/kernel/debug/hid. A user with access\n to these files could use this for denial of service.\n\n\nThis interface is only accessible to root by default, which fully\n mitigates the issue.\n* [CVE-2019-6974](https://security-tracker.debian.org/tracker/CVE-2019-6974)\nJann Horn reported a use-after-free bug in KVM. A local user\n with access to /dev/kvm could use this to cause a denial of\n service (memory corruption or crash) or possibly for privilege\n escalation.\n* [CVE-2019-7221](https://security-tracker.debian.org/tracker/CVE-2019-7221)\nJim Mattson and Felix Wilhelm reported a user-after-free bug in\n KVM's nested VMX implementation. On systems with Intel CPUs, a\n local user with access to /dev/kvm could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation.\n\n\nNested VMX is disabled by default, which fully mitigates the\n issue.\n* [CVE-2019-7222](https://security-tracker.debian.org/tracker/CVE-2019-7222)\nFelix Wilhelm reported an information leak in KVM for x86.\n A local user with access to /dev/kvm could use this to read\n sensitive information from the kernel.\n* [CVE-2019-9213](https://security-tracker.debian.org/tracker/CVE-2019-9213)\nJann Horn reported that privileged tasks could cause stack\n segments, including those in other processes, to grow downward to\n address 0. On systems lacking SMAP (x86) or PAN (ARM), this\n exacerbated other vulnerabilities: a null pointer dereference\n could be exploited for privilege escalation rather than only for\n denial of service.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n3.16.64-1.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-27T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10741", "CVE-2017-13305", "CVE-2017-5753", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-3639", "CVE-2018-5848", "CVE-2018-5953", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-9213"], "modified": "2022-08-05T05:18:25", "id": "OSV:DLA-1731-1", "href": "https://osv.dev/vulnerability/DLA-1731-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:13:34", "description": "\nMultiple vulnerabilities were discovered in Ceph, a distributed storage\nand file system: The cephx authentication protocol was suspectible to\nreplay attacks and calculated signatures incorrectly, ceph mon did not\nvalidate capabilities for pool operations (resulting in potential\ncorruption or deletion of snapshot images) and a format string\nvulnerability in libradosstriper could result in denial of service.\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 10.2.11-1.\n\n\nWe recommend that you upgrade your ceph packages.\n\n\nFor the detailed security status of ceph please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/ceph>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-11-13T00:00:00", "type": "osv", "title": "ceph - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7519", "CVE-2018-10861", "CVE-2018-1128", "CVE-2018-1129"], "modified": "2022-08-10T07:13:29", "id": "OSV:DSA-4339-1", "href": "https://osv.dev/vulnerability/DSA-4339-1", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:27:07", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2018-14625\n\nA use-after-free bug was found in the vhost driver for the Virtual Socket protocol. If this driver is used to communicate with a malicious virtual machine guest, the guest could read sensitive information from the host kernel.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting NFS shares in multiple network namespaces at the same time could lead to a user-after-free. Local users might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nThis can be mitigated by disabling unprivileged users from creating user namespaces, which is the default in Debian.\n\nCVE-2018-19824\n\nHui Peng and Mathias Payer discovered a use-after-free bug in the USB audio driver. A physically present attacker able to attach a specially designed USB device could use this for privilege escalation.\n\nCVE-2018-19985\n\nHui Peng and Mathias Payer discovered a missing bounds check in the hso USB serial driver. A physically present user able to attach a specially designed USB device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\nCVE-2018-20169\n\nHui Peng and Mathias Payer discovered missing bounds checks in the USB core. A physically present attacker able to attach a specially designed USB device could use this to cause a denial of service (crash) or possibly for privilege escalation.\n\nCVE-2018-1000026\n\nIt was discovered that Linux could forward aggregated network packets with a segmentation size too large for the output device. In the specific case of Broadcom NetXtremeII 10Gb adapters, this would result in a denial of service (firmware crash). This update adds a mitigation to the bnx2x driver for this hardware.\n\nCVE-2019-3459, CVE-2019-3460\n\nShlomi Oberman, Yuli Shapiro and Karamba Security Ltd. research team discovered missing range checks in the Bluetooth L2CAP implementation.\nIf Bluetooth is enabled, a nearby attacker could use these to read sensitive information from the kernel.\n\nCVE-2019-3701\n\nMuyu Yu and Marcus Meissner reported that the CAN gateway implementation allowed the frame length to be modified, typically resulting in out-of-bounds memory-mapped I/O writes. On a system with CAN devices present, a local user with CAP_NET_ADMIN capability in the initial net namespace could use this to cause a crash (oops) or other hardware-dependent impact.\n\nCVE-2019-3819\n\nA potential infinite loop was discovered in the HID debugfs interface exposed under /sys/kernel/debug/hid. A user with access to these files could use this for denial of service.\n\nThis interface is only accessible to root by default, which fully mitigates the issue.\n\nCVE-2019-6974\n\nJann Horn reported a use-after-free bug in KVM. A local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-7221\n\nJim Mattson and Felix Wilhelm reported a user-after-free bug in KVM's nested VMX implementation. On systems with Intel CPUs, a local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nNested VMX is disabled by default, which fully mitigates the issue.\n\nCVE-2019-7222\n\nFelix Wilhelm reported an information leak in KVM for x86. A local user with access to /dev/kvm could use this to read sensitive information from the kernel.\n\nCVE-2019-8980\n\nA bug was discovered in the kernel_read_file() function used to load firmware files. In certain error conditions it could leak memory, which might lead to a denial of service. This is probbaly not exploitable in a Debian system.\n\nCVE-2019-9213\n\nJann Horn reported that privileged tasks could cause stack segments, including those in other processes, to grow downward to address 0. On systems lacking SMAP (x86) or PAN (ARM), this exacerbated other vulnerabilities: a NULL pointer dereference could be exploited for privilege escalation rather than only for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.168-1~deb8u1. This version also includes fixes for Debian bugs #904385, #918103, and #922306; and other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9 packages. You will need to use 'apt-get upgrade --with-new-pkgs' or 'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "Debian DLA-1771-1 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000026", "CVE-2018-14625", "CVE-2018-16884", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-8980", "CVE-2019-9213"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1771.NASL", "href": "https://www.tenable.com/plugins/nessus/124595", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1771-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124595);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-1000026\", \"CVE-2018-14625\", \"CVE-2018-16884\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\", \"CVE-2019-8980\", \"CVE-2019-9213\");\n\n script_name(english:\"Debian DLA-1771-1 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-14625\n\nA use-after-free bug was found in the vhost driver for the Virtual\nSocket protocol. If this driver is used to communicate with a\nmalicious virtual machine guest, the guest could read sensitive\ninformation from the host kernel.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting NFS\nshares in multiple network namespaces at the same time could lead to a\nuser-after-free. Local users might be able to use this for denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation.\n\nThis can be mitigated by disabling unprivileged users from\ncreating user namespaces, which is the default in Debian.\n\nCVE-2018-19824\n\nHui Peng and Mathias Payer discovered a use-after-free bug in the USB\naudio driver. A physically present attacker able to attach a specially\ndesigned USB device could use this for privilege escalation.\n\nCVE-2018-19985\n\nHui Peng and Mathias Payer discovered a missing bounds check in the\nhso USB serial driver. A physically present user able to attach a\nspecially designed USB device could use this to read sensitive\ninformation from the kernel or to cause a denial of service (crash).\n\nCVE-2018-20169\n\nHui Peng and Mathias Payer discovered missing bounds checks in the USB\ncore. A physically present attacker able to attach a specially\ndesigned USB device could use this to cause a denial of service\n(crash) or possibly for privilege escalation.\n\nCVE-2018-1000026\n\nIt was discovered that Linux could forward aggregated network packets\nwith a segmentation size too large for the output device. In the\nspecific case of Broadcom NetXtremeII 10Gb adapters, this would result\nin a denial of service (firmware crash). This update adds a mitigation\nto the bnx2x driver for this hardware.\n\nCVE-2019-3459, CVE-2019-3460\n\nShlomi Oberman, Yuli Shapiro and Karamba Security Ltd. research team\ndiscovered missing range checks in the Bluetooth L2CAP implementation.\nIf Bluetooth is enabled, a nearby attacker could use these to read\nsensitive information from the kernel.\n\nCVE-2019-3701\n\nMuyu Yu and Marcus Meissner reported that the CAN gateway\nimplementation allowed the frame length to be modified, typically\nresulting in out-of-bounds memory-mapped I/O writes. On a system with\nCAN devices present, a local user with CAP_NET_ADMIN capability in the\ninitial net namespace could use this to cause a crash (oops) or other\nhardware-dependent impact.\n\nCVE-2019-3819\n\nA potential infinite loop was discovered in the HID debugfs interface\nexposed under /sys/kernel/debug/hid. A user with access to these files\ncould use this for denial of service.\n\nThis interface is only accessible to root by default, which\nfully mitigates the issue.\n\nCVE-2019-6974\n\nJann Horn reported a use-after-free bug in KVM. A local user with\naccess to /dev/kvm could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-7221\n\nJim Mattson and Felix Wilhelm reported a user-after-free bug in KVM's\nnested VMX implementation. On systems with Intel CPUs, a local user\nwith access to /dev/kvm could use this to cause a denial of service\n(memory corruption or crash) or possibly for privilege escalation.\n\nNested VMX is disabled by default, which fully mitigates the\nissue.\n\nCVE-2019-7222\n\nFelix Wilhelm reported an information leak in KVM for x86. A local\nuser with access to /dev/kvm could use this to read sensitive\ninformation from the kernel.\n\nCVE-2019-8980\n\nA bug was discovered in the kernel_read_file() function used to load\nfirmware files. In certain error conditions it could leak memory,\nwhich might lead to a denial of service. This is probbaly not\nexploitable in a Debian system.\n\nCVE-2019-9213\n\nJann Horn reported that privileged tasks could cause stack segments,\nincluding those in other processes, to grow downward to address 0. On\nsystems lacking SMAP (x86) or PAN (ARM), this exacerbated other\nvulnerabilities: a NULL pointer dereference could be exploited for\nprivilege escalation rather than only for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.168-1~deb8u1. This version also includes fixes for Debian bugs\n#904385, #918103, and #922306; and other fixes included in upstream\nstable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9\npackages. You will need to use 'apt-get upgrade --with-new-pkgs' or\n'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.168-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T15:45:45", "description": "A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service issue or, potentially, gain privileged access to a system.(CVE-2019-6974)\n\nAn information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest.(CVE-2019-7222)\n\nA use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.(CVE-2019-7221)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-08T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1165.NASL", "href": "https://www.tenable.com/plugins/nessus/122671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1165.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122671);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:16\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_xref(name:\"ALAS\", value:\"2019-1165\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1165)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free vulnerability was found in the way the Linux kernel's\nKVM hypervisor implements its device control API. While creating a\ndevice via kvm_ioctl_create_device(), the device holds a reference to\na VM object, later this reference is transferred to the caller's file\ndescriptor table. If such file descriptor was to be closed, reference\ncount to the VM object could become zero, potentially leading to a\nuse-after-free issue. A user/process could use this flaw to crash the\nguest VM resulting in a denial of service issue or, potentially, gain\nprivileged access to a system.(CVE-2019-6974)\n\nAn information leakage issue was found in the way Linux kernel's KVM\nhypervisor handled page fault exceptions while emulating instructions\nlike VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an\noperand. It occurs if the operand is a mmio address, as the returned\nexception object holds uninitialized stack memory contents. A guest\nuser/process could use this flaw to leak host's stack memory contents\nto a guest.(CVE-2019-7222)\n\nA use-after-free vulnerability was found in the way the Linux kernel's\nKVM hypervisor emulates a preemption timer for L2 guests when nested\n(=1) virtualization is enabled. This high resolution timer(hrtimer)\nruns when a L2 guest is active. After VM exit, the sync_vmcs12() timer\nobject is stopped. The use-after-free occurs if the timer object is\nfreed before calling sync_vmcs12() routine. A guest user/process could\nuse this flaw to crash the host kernel resulting in a denial of\nservice or, potentially, gain privileged access to a\nsystem.(CVE-2019-7221)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1165.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.101-91.76.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:43:04", "description": "The 4.20.8 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-19T00:00:00", "type": "nessus", "title": "Fedora 28 : kernel / kernel-headers / kernel-tools (2019-3da64f3e61)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2019-09-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-3DA64F3E61.NASL", "href": "https://www.tenable.com/plugins/nessus/122278", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-3da64f3e61.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122278);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/23 11:21:10\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_xref(name:\"FEDORA\", value:\"2019-3da64f3e61\");\n\n script_name(english:\"Fedora 28 : kernel / kernel-headers / kernel-tools (2019-3da64f3e61)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.20.8 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-3da64f3e61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-3da64f3e61\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"kernel-4.20.8-100.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-headers-4.20.8-100.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-tools-4.20.8-100.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:43:05", "description": "The 4.20.8 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-19T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-164946aa7f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2019-09-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-164946AA7F.NASL", "href": "https://www.tenable.com/plugins/nessus/122275", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-164946aa7f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122275);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/23 11:21:09\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_xref(name:\"FEDORA\", value:\"2019-164946aa7f\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-164946aa7f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.20.8 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-164946aa7f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-164946aa7f\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-4.20.8-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-4.20.8-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-4.20.8-200.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:46:06", "description": "A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.\n(CVE-2019-7221)\n\nA use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service issue or, potentially, gain privileged access to a system. (CVE-2019-6974)\n\nAn information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest. (CVE-2019-7222)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-05T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2019-1165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1165.NASL", "href": "https://www.tenable.com/plugins/nessus/122602", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1165.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122602);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:16\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_xref(name:\"ALAS\", value:\"2019-1165\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1165)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free vulnerability was found in the way the Linux kernel's\nKVM hypervisor emulates a preemption timer for L2 guests when nested\n(=1) virtualization is enabled. This high resolution timer(hrtimer)\nruns when a L2 guest is active. After VM exit, the sync_vmcs12() timer\nobject is stopped. The use-after-free occurs if the timer object is\nfreed before calling sync_vmcs12() routine. A guest user/process could\nuse this flaw to crash the host kernel resulting in a denial of\nservice or, potentially, gain privileged access to a system.\n(CVE-2019-7221)\n\nA use-after-free vulnerability was found in the way the Linux kernel's\nKVM hypervisor implements its device control API. While creating a\ndevice via kvm_ioctl_create_device(), the device holds a reference to\na VM object, later this reference is transferred to the caller's file\ndescriptor table. If such file descriptor was to be closed, reference\ncount to the VM object could become zero, potentially leading to a\nuse-after-free issue. A user/process could use this flaw to crash the\nguest VM resulting in a denial of service issue or, potentially, gain\nprivileged access to a system. (CVE-2019-6974)\n\nAn information leakage issue was found in the way Linux kernel's KVM\nhypervisor handled page fault exceptions while emulating instructions\nlike VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an\noperand. It occurs if the operand is a mmio address, as the returned\nexception object holds uninitialized stack memory contents. A guest\nuser/process could use this flaw to leak host's stack memory contents\nto a guest. (CVE-2019-7222)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1165.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.101-75.76.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-11T15:16:16", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n\n - CVE-2018-14625: An attacker might have bene able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n\n - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bsc#1120743).\n\n - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\n - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to\n __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\n - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n\n - CVE-2018-12232: In net/socket.c there was a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n\n - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n\n - CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\n - CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n\n - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nThe following non-security bugs were fixed :\n\n - ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).\n\n - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).\n\n - aio: fix spectre gadget in lookup_ioctx (bsc#1120594).\n\n - alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510).\n\n - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n\n - alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n\n - alsa: fireface: fix for state to fetch PCM frames (bsc#1051510).\n\n - alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510).\n\n - alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).\n\n - alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).\n\n - alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).\n\n - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).\n\n - alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510).\n\n - alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).\n\n - alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510).\n\n - alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).\n\n - alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).\n\n - alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).\n\n - alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).\n\n - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).\n\n - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).\n\n - alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).\n\n - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).\n\n - alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).\n\n - alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).\n\n - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).\n\n - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).\n\n - alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).\n\n - alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).\n\n - alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).\n\n - alsa: hda/tegra: clear pending irq handlers (bsc#1051510).\n\n - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).\n\n - alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).\n\n - alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).\n\n - alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).\n\n - alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).\n\n - alsa: trident: Suppress gcc string warning (bsc#1051510).\n\n - alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).\n\n - alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).\n\n - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).\n\n - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).\n\n - alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).\n\n - apparmor: do not try to replace stale label in ptrace access check (git-fixes).\n\n - apparmor: do not try to replace stale label in ptraceme check (git-fixes).\n\n - apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).\n\n - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).\n\n - arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).\n\n - arm64: cpu_errata: include required headers (bsc#1120615).\n\n - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).\n\n - arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).\n\n - arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).\n\n - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).\n\n - arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).\n\n - arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).\n\n - arm64/numa: Unify common error path in numa_init() (bsc#1120621).\n\n - arm64: remove no-op -p linker flag (bsc#1120616).\n\n - ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).\n\n - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).\n\n - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).\n\n - ASoC: intel: mrfld: fix uninitialized variable access (bsc#1051510).\n\n - ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).\n\n - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).\n\n - ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).\n\n - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).\n\n - ASoC: rsnd: fixup clock start checker (bsc#1051510).\n\n - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).\n\n - ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).\n\n - ath6kl: Only use match sets when firmware supports it (bsc#1051510).\n\n - b43: Fix error in cordic routine (bsc#1051510).\n\n - bcache: fix miss key refill->end in writeback (Git-fixes).\n\n - bcache: trace missed reading by cache_missed (Git-fixes).\n\n - blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).\n\n - block: allow max_discard_segments to be stacked (Git-fixes).\n\n - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).\n\n - block: really disable runtime-pm for blk-mq (Git-fixes).\n\n - block: reset bi_iter.bi_done after splitting bio (Git-fixes).\n\n - block/swim: Fix array bounds check (Git-fixes).\n\n - bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ).\n\n - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).\n\n - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).\n\n - bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).\n\n - bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).\n\n - bpf: use per htab salt for bucket hash (git-fixes).\n\n - btrfs: Always try all copies when reading extent buffers (git-fixes).\n\n - btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).\n\n - btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).\n\n - btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).\n\n - btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).\n\n - btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).\n\n - btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).\n\n - btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).\n\n - btrfs: fix error handling in btrfs_truncate() (bsc#1111469).\n\n - btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).\n\n - btrfs: fix fsync of files with multiple hard links in new directories (1120173).\n\n - btrfs: Fix memory barriers usage with device stats counters (git-fixes).\n\n - btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).\n\n - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).\n\n - btrfs: get rid of unused orphan infrastructure (bsc#1111469).\n\n - btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).\n\n - btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).\n\n - btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).\n\n - btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).\n\n - btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).\n\n - btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).\n\n - btrfs: stop creating orphan items for truncate (bsc#1111469).\n\n - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).\n\n - btrfs: update stale comments referencing vmtruncate() (bsc#1111469).\n\n - can: flexcan: flexcan_irq(): fix indention (bsc#1051510).\n\n - cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).\n\n - ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).\n\n - char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).\n\n - char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).\n\n - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).\n\n - clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).\n\n - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).\n\n - config: arm64: enable erratum 1024718\n\n - cpufeature: avoid warning when compiling with clang (Git-fixes).\n\n - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).\n\n - cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).\n\n - cpupower: remove stringop-truncation waring (git-fixes).\n\n - crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).\n\n - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().\n\n - crypto: ccp - Add GET_ID SEV command ().\n\n - crypto: ccp - Add psp enabled message when initialization succeeds ().\n\n - crypto: ccp - Add support for new CCP/PSP device ID ().\n\n - crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().\n\n - crypto: ccp - Fix static checker warning ().\n\n - crypto: ccp - Remove unused #defines ().\n\n - crypto: ccp - Support register differences between PSP devices ().\n\n - dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).\n\n - dax: Check page->mapping isn't NULL (bsc#1120054).\n\n - dax: Do not access a freed inode (bsc#1120055).\n\n - device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).\n\n - device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).\n\n - disable stringop truncation warnings for now (git-fixes).\n\n - dm: allocate struct mapped_device with kvzalloc (Git-fixes).\n\n - dm cache: destroy migration_cache if cache target registration failed (Git-fixes).\n\n - dm cache: fix resize crash if user does not reload cache table (Git-fixes).\n\n - dm cache metadata: ignore hints array being too small during resize (Git-fixes).\n\n - dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).\n\n - dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).\n\n - dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).\n\n - dm crypt: do not decrease device limits (Git-fixes).\n\n - dm: fix report zone remapping to account for partition offset (Git-fixes).\n\n - dm integrity: change 'suspending' variable from bool to int (Git-fixes).\n\n - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).\n\n - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).\n\n - dm linear: fix linear_end_io conditional definition (Git-fixes).\n\n - dm thin: handle running out of data space vs concurrent discard (Git-fixes).\n\n - dm thin metadata: remove needless work from\n __commit_transaction (Git-fixes).\n\n - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).\n\n - dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).\n\n - dm writecache: report start_sector in status line (Git-fixes).\n\n - dm zoned: fix metadata block ref counting (Git-fixes).\n\n - dm zoned: fix various dmz_get_mblock() issues (Git-fixes).\n\n - doc/README.SUSE: correct GIT url No more gitorious, github we use.\n\n - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).\n\n - drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749).\n\n - drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)\n\n - drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)\n\n - drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)\n\n - drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)\n\n - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)\n\n - drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)\n\n - drm: rcar-du: Fix external clock error checks (bsc#1113722)\n\n - drm: rcar-du: Fix vblank initialization (bsc#1113722)\n\n - drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)\n\n - drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)\n\n - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)\n\n - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)\n\n - dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).\n\n - dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).\n\n - dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).\n\n - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).\n\n - dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).\n\n - dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).\n\n - dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).\n\n - dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).\n\n - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes).\n\n - dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).\n\n - edac, (i7core,sb,skx)_edac: Fix uncorrected error counting (bsc#1114279).\n\n - edac, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).\n\n - efi: Move some sysfs files to be read-only by root (bsc#1051510).\n\n - ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).\n\n - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).\n\n - ext2: fix potential use after free (bsc#1118775).\n\n - ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).\n\n - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).\n\n - ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).\n\n - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).\n\n - extable: Consolidate *kernel_text_address() functions (bsc#1120092).\n\n - extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).\n\n - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)\n\n - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)\n\n - firmware: add firmware_request_nowarn() - load firmware without warnings ().\n\n - Fix the breakage of KMP build on x86_64 (bsc#1121017)\n\n - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).\n\n - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).\n\n - fs: fix lost error code in dio_complete (bsc#1118762).\n\n - fs/xfs: Use %pS printk format for direct addresses (git-fixes).\n\n - fuse: fix blocked_waitq wakeup (git-fixes).\n\n - fuse: fix leaked notify reply (git-fixes).\n\n - fuse: fix possibly missed wake-up after abort (git-fixes).\n\n - fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).\n\n - fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).\n\n - fuse: fix use-after-free in fuse_direct_IO() (git-fixes).\n\n - fuse: set FR_SENT while locked (git-fixes).\n\n - gcc-plugins: Add include required by GCC release 8 (git-fixes).\n\n - gcc-plugins: Use dynamic initializers (git-fixes).\n\n - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).\n\n - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).\n\n - gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).\n\n - gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).\n\n - gfs2: Put bitmap buffers in put_super (bsc#1118772).\n\n - git_sort.py: Remove non-existent remote tj/libata\n\n - gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).\n\n - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).\n\n - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).\n\n - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).\n\n - gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).\n\n - HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).\n\n - HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).\n\n - HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).\n\n - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n\n - i2c: axxia: properly handle master timeout (bsc#1051510).\n\n - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).\n\n - ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).\n\n - ibmvnic: Convert reset work item mutex to spin lock ().\n\n - ibmvnic: Fix non-atomic memory allocation in IRQ context ().\n\n - ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387).\n\n - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).\n\n - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n\n - ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).\n\n - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n\n - Include modules.fips in kernel-binary as well as kernel-binary-base ().\n\n - initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).\n\n - input: add official Raspberry Pi's touchscreen driver ().\n\n - input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).\n\n - input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).\n\n - input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).\n\n - input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).\n\n - input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).\n\n - input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).\n\n - input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).\n\n - input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).\n\n - input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).\n\n - input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).\n\n - input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).\n\n - integrity/security: fix digsig.c build error with header file (bsc#1051510).\n\n - intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).\n\n - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n\n - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).\n\n - iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).\n\n - iwlwifi: fix LED command capability bit (bsc#1119086).\n\n - iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).\n\n - iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).\n\n - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).\n\n - jump_label: Split out code under the hotplug lock (bsc#1106913).\n\n - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n\n - kabi protect hnae_ae_ops (bsc#1104353).\n\n - kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).\n\n - kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).\n\n - kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).\n\n - kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).\n\n - kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).\n\n - kbuild: verify that $DEPMOD is installed (git-fixes).\n\n - kernfs: Replace strncpy with memcpy (bsc#1120053).\n\n - keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes).\n\n - kobject: Replace strncpy with memcpy (git-fixes).\n\n - kprobes: Make list and blacklist root user read only (git-fixes).\n\n - kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).\n\n - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).\n\n - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).\n\n - libceph: fall back to sendmsg for slab pages (bsc#1118316).\n\n - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).\n\n - lib/raid6: Fix arm64 test build (bsc#1051510).\n\n - lib/ubsan.c: do not mark\n __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).\n\n - Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).\n\n - linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).\n\n - locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).\n\n - locking/static_keys: Improve uninitialized key warning (bsc#1106913).\n\n - mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).\n\n - mac80211: fix reordering of buffered broadcast packets (bsc#1051510).\n\n - mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).\n\n - mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).\n\n - mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).\n\n - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).\n\n - Mark HI and TASKLET softirq synchronous (git-fixes).\n\n - media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).\n\n - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).\n\n - media: omap3isp: Unregister media device as first (bsc#1051510).\n\n - mmc: bcm2835: reset host on timeout (bsc#1051510).\n\n - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).\n\n - mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).\n\n - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).\n\n - mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).\n\n - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).\n\n - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).\n\n - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).\n\n - mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).\n\n - mm: do not miss the last page because of round-off error (bnc#1118798).\n\n - mm: do not warn about large allocations for slab (git fixes (slab)).\n\n - mm/huge_memory.c: reorder operations in\n __split_huge_page_tail() (VM Functionality bsc#1119962).\n\n - mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).\n\n - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).\n\n - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).\n\n - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).\n\n - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).\n\n - mm: migration: fix migration of huge PMD shared pages (bnc#1086423).\n\n - mm: only report isolation failures when offlining memory (generic hotplug debugability).\n\n - mm: print more information about mapping in __dump_page (generic hotplug debugability).\n\n - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).\n\n - mm: sections are not offlined during memory hotremove (bnc#1119968).\n\n - mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).\n\n - mm/vmstat.c: fix NUMA statistics updates (git fixes).\n\n - Move dell_rbu fix to sorted section (bsc#1087978).\n\n - mtd: cfi: convert inline functions to macros (git-fixes).\n\n - mtd: Fix comparison in map_word_andequal() (git-fixes).\n\n - namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).\n\n - nbd: do not allow invalid blocksize settings (Git-fixes).\n\n - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).\n\n - net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).\n\n - net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).\n\n - net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).\n\n - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).\n\n - net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).\n\n - net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).\n\n - net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).\n\n - net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).\n\n - net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).\n\n - net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).\n\n - net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).\n\n - net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).\n\n - net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).\n\n - net: hns3: Check hdev state when getting link status (bsc#1104353).\n\n - net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).\n\n - net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).\n\n - net: hns3: Fix error of checking used vlan id (bsc#1104353 ).\n\n - net: hns3: Fix ets validate issue (bsc#1104353).\n\n - net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).\n\n - net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).\n\n - net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).\n\n - net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).\n\n - net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).\n\n - net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).\n\n - net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).\n\n - net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).\n\n - net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).\n\n - net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).\n\n - net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).\n\n - net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).\n\n - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).\n\n - net: usb: r8152: constify usb_device_id (bsc#1119749).\n\n - net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).\n\n - nospec: Allow index argument to have const-qualified type (git-fixes)\n\n - nospec: Kill array_index_nospec_mask_check() (git-fixes).\n\n - nvme-fc: resolve io failures during connect (bsc#1116803).\n\n - nvme-multipath: zero out ANA log buffer (bsc#1105168).\n\n - nvme: validate controller state before rescheduling keep alive (bsc#1103257).\n\n - objtool: Detect RIP-relative switch table references (bsc#1058115).\n\n - objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).\n\n - objtool: Fix another switch table detection issue (bsc#1058115).\n\n - objtool: Fix double-free in .cold detection error path (bsc#1058115).\n\n - objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).\n\n - objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115).\n\n - objtool: Fix segfault in .cold detection with\n -ffunction-sections (bsc#1058115).\n\n - objtool: Support GCC 8's cold subfunctions (bsc#1058115).\n\n - objtool: Support GCC 8 switch tables (bsc#1058115).\n\n - panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).\n\n - PCI: Add ACS quirk for Ampere root ports (bsc#1120058).\n\n - PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).\n\n - PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).\n\n - PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).\n\n - PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).\n\n - PCI: Export pcie_has_flr() (bsc#1120058).\n\n - PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).\n\n - PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).\n\n - PCI: Mark fall-through switch cases before enabling\n -Wimplicit-fallthrough (bsc#1120058).\n\n - PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).\n\n - perf tools: Fix tracing_path_mount proper path (git-fixes).\n\n - platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).\n\n - powerpc/64s: consolidate MCE counter increment (bsc#1094244).\n\n - powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).\n\n - powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).\n\n - powerpc/boot: Fix build failures with -j 1 (bsc#1065729).\n\n - powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).\n\n - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).\n\n - powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).\n\n - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).\n\n - power: supply: olpc_battery: correct the temperature units (bsc#1051510).\n\n - ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).\n\n - qed: Add driver support for 20G link speed (bsc#1110558).\n\n - qed: Add support for virtual link (bsc#1111795).\n\n - qede: Add driver support for 20G link speed (bsc#1110558).\n\n - r8152: add byte_enable for ocp_read_word function (bsc#1119749).\n\n - r8152: add Linksys USB3GIGV1 id (bsc#1119749).\n\n - r8152: add r8153_phy_status function (bsc#1119749).\n\n - r8152: adjust lpm settings for RTL8153 (bsc#1119749).\n\n - r8152: adjust rtl8153_runtime_enable function (bsc#1119749).\n\n - r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).\n\n - r8152: adjust U2P3 for RTL8153 (bsc#1119749).\n\n - r8152: avoid rx queue more than 1000 packets (bsc#1119749).\n\n - r8152: check if disabling ALDPS is finished (bsc#1119749).\n\n - r8152: correct the definition (bsc#1119749).\n\n - r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).\n\n - r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).\n\n - r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).\n\n - r8152: move calling delay_autosuspend function (bsc#1119749).\n\n - r8152: move the default coalesce setting for RTL8153 (bsc#1119749).\n\n - r8152: move the initialization to reset_resume function (bsc#1119749).\n\n - r8152: move the setting of rx aggregation (bsc#1119749).\n\n - r8152: replace napi_complete with napi_complete_done (bsc#1119749).\n\n - r8152: set rx mode early when linking on (bsc#1119749).\n\n - r8152: split rtl8152_resume function (bsc#1119749).\n\n - r8152: support new chip 8050 (bsc#1119749).\n\n - r8152: support RTL8153B (bsc#1119749).\n\n - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).\n\n - rcu: Allow for page faults in NMI handlers (bsc#1120092).\n\n - rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).\n\n - rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).\n\n - rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).\n\n - rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).\n\n - rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).\n\n - rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).\n\n - reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes).\n\n - Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510).\n\n - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).\n\n - Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510).\n\n - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322).\n\n - ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).\n\n - ring-buffer: Do no reuse reader page if still in use (bsc#1120096).\n\n - ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).\n\n - rtc: hctosys: Add missing range error reporting (bsc#1051510).\n\n - rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).\n\n - rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).\n\n - rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).\n\n - rtl8xxxu: Fix missing break in switch (bsc#1051510).\n\n - s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).\n\n - s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).\n\n - s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).\n\n - s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).\n\n - s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).\n\n - s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).\n\n - sbitmap: fix race in wait batch accounting (Git-fixes).\n\n - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).\n\n - sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)).\n\n - sched/smt: Expose sched_smt_present static key (bsc#1106913).\n\n - sched/smt: Make sched_smt_present track topology (bsc#1106913).\n\n - sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).\n\n - scripts/git-pre-commit: make executable.\n\n - scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe.\n\n - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).\n\n - scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).\n\n - scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).\n\n - scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).\n\n - scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).\n\n - scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).\n\n - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).\n\n - scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).\n\n - scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).\n\n - scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).\n\n - scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).\n\n - scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).\n\n - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).\n\n - scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).\n\n - scsi: lpfc: rport port swap discovery issue (bsc#1118215).\n\n - scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).\n\n - scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).\n\n - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).\n\n - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).\n\n - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).\n\n - skd: Avoid that module unloading triggers a use-after-free (Git-fixes).\n\n - skd: Submit requests to firmware before triggering the doorbell (Git-fixes).\n\n - soc: bcm2835: sync firmware properties with downstream ()\n\n - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).\n\n - spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).\n\n - spi: bcm2835: Fix race on DMA termination (bsc#1051510).\n\n - spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).\n\n - splice: do not read more than available pipe space (bsc#1119212).\n\n - staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).\n\n - staging: rtl8712: Fix possible buffer overrun (bsc#1051510).\n\n - staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).\n\n - staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).\n\n - staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).\n\n - Stop building F2FS (boo#1109665) As per the information in the bugzilla issue f2fs is no longer supported on opensuse distributions.\n\n - supported.conf: add raspberrypi-ts driver\n\n - supported.conf: whitelist bluefield eMMC driver\n\n - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).\n\n - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).\n\n - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).\n\n - termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).\n\n - test_hexdump: use memcpy instead of strncpy (bsc#1051510).\n\n - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).\n\n - tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).\n\n - tools: hv: include string.h in hv_fcopy_daemon (git-fixes).\n\n - tools/power/cpupower: fix compilation with STATIC=true (git-fixes).\n\n - tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).\n\n - tracing/blktrace: Fix to allow setting same value (Git-fixes).\n\n - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).\n\n - tracing: Fix crash when freeing instances with event triggers (bsc#1120230).\n\n - tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).\n\n - tracing: Fix double free of event_trigger_data (bsc#1120234).\n\n - tracing: Fix missing return symbol in function_graph output (bsc#1120232).\n\n - tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).\n\n - tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).\n\n - tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).\n\n - tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).\n\n - tracing: Remove RCU work arounds from stack tracer (bsc#1120092).\n\n - tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).\n\n - tty: Do not return -EAGAIN in blocking read (bsc#1116040).\n\n - tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).\n\n - tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).\n\n - ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).\n\n - udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).\n\n - unifdef: use memcpy instead of strncpy (bsc#1051510).\n\n - usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510).\n\n - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).\n\n - usb: dwc2: host: use hrtimer for NAK retries (git-fixes).\n\n - usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).\n\n - usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).\n\n - usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).\n\n - usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).\n\n - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).\n\n - usb: omap_udc: use devm_request_irq() (bsc#1051510).\n\n - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).\n\n - usb: serial: option: add Fibocom NL668 series (bsc#1051510).\n\n - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).\n\n - usb: serial: option: add HP lt4132 (bsc#1051510).\n\n - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).\n\n - usb: serial: option: add Telit LN940 series (bsc#1051510).\n\n - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).\n\n - usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).\n\n - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).\n\n - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).\n\n - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).\n\n - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).\n\n - v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).\n\n - watchdog/core: Add missing prototypes for weak functions (git-fixes).\n\n - wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).\n\n - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).\n\n - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).\n\n - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).\n\n - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).\n\n - x86/decoder: Fix and update the opcodes map (bsc#1058115).\n\n - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).\n\n - x86/l1tf: Show actual SMT state (bsc#1106913).\n\n - x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).\n\n - x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).\n\n - x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).\n\n - x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058).\n\n - x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058).\n\n - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).\n\n - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).\n\n - x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).\n\n - x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).\n\n - x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).\n\n - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).\n\n - x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).\n\n - x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).\n\n - x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).\n\n - x86/pti: Document fix wrong index (git-fixes).\n\n - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).\n\n - x86/retpoline: Remove minimal retpoline support (bsc#1106913).\n\n - x86/speculataion: Mark command line parser data\n __initdata (bsc#1106913).\n\n - x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).\n\n - x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).\n\n - x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).\n\n - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).\n\n - x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).\n\n - x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).\n\n - x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).\n\n - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).\n\n - x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).\n\n - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).\n\n - x86/speculation: Mark string arrays const correctly (bsc#1106913).\n\n - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).\n\n - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).\n\n - x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).\n\n - x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).\n\n - x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).\n\n - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).\n\n - x86/speculation: Provide IBPB always command line options (bsc#1106913).\n\n - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).\n\n - x86/speculation: Rename SSBD update functions (bsc#1106913).\n\n - x86/speculation: Reorder the spec_v2 code (bsc#1106913).\n\n - x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).\n\n - x86/speculation: Rework SMT state change (bsc#1106913).\n\n - x86/speculation: Split out TIF update (bsc#1106913).\n\n - x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).\n\n - x86/speculation: Update the TIF_SSBD comment (bsc#1106913).\n\n - xen/netfront: tolerate frags with no data (bnc#1119804).\n\n - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).\n\n - xfs: Align compat attrlist_by_handle with native implementation (git-fixes).\n\n - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).\n\n - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).\n\n - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).\n\n - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).\n\n - xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).\n\n - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-65)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2547", "CVE-2018-12232", "CVE-2018-14625", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-18397", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9568"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-65.NASL", "href": "https://www.tenable.com/plugins/nessus/121289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-65.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121289);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2547\", \"CVE-2018-12232\", \"CVE-2018-14625\", \"CVE-2018-16862\", \"CVE-2018-16884\", \"CVE-2018-18397\", \"CVE-2018-19407\", \"CVE-2018-19824\", \"CVE-2018-19854\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-9568\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-65)\");\n script_summary(english:\"Check for the openSUSE-2019-65 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-19407: The vcpu_scan_ioapic function in\n arch/x86/kvm/x86.c allowed local users to cause a denial\n of service (NULL pointer dereference and BUG) via\n crafted system calls that reach a situation where ioapic\n is uninitialized (bnc#1116841).\n\n - CVE-2018-14625: An attacker might have bene able to have\n an uncontrolled read to kernel-memory from within a vm\n guest. A race condition between connect() and close()\n function may allow an attacker using the AF_VSOCK\n protocol to gather a 4 byte information leak or possibly\n intercept or corrupt AF_VSOCK messages destined to other\n clients (bnc#1106615).\n\n - CVE-2018-19985: The function hso_probe read if_num from\n the USB device (as an u8) and used it without a length\n check to index an array, resulting in an OOB memory read\n in hso_probe or hso_get_config_data that could be used\n by local attackers (bsc#1120743).\n\n - CVE-2018-16884: NFS41+ shares mounted in different\n network namespaces at the same time can make\n bc_svc_process() use wrong back-channel IDs and cause a\n use-after-free vulnerability. Thus a malicious container\n user can cause a host kernel memory corruption and a\n system panic. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out (bnc#1119946).\n\n - CVE-2018-20169: The USB subsystem mishandled size checks\n during the reading of an extra descriptor, related to\n __usb_get_extra_descriptor in drivers/usb/core/usb.c\n (bnc#1119714).\n\n - CVE-2018-18397: The userfaultfd implementation\n mishandled access control for certain UFFDIO_ ioctl\n calls, as demonstrated by allowing local users to write\n data into holes in a tmpfs file (if the user has\n read-only access to that file, and that file contains\n holes), related to fs/userfaultfd.c and mm/userfaultfd.c\n (bnc#1117656).\n\n - CVE-2018-12232: In net/socket.c there was a race\n condition between fchownat and close in cases where they\n target the same socket file descriptor, related to the\n sock_close and sockfs_setattr functions. fchownat did\n not increment the file descriptor reference count, which\n allowed close to set the socket to NULL during\n fchownat's execution, leading to a NULL pointer\n dereference and system crash (bnc#1097593).\n\n - CVE-2018-9568: In sk_clone_lock of sock.c, there is a\n possible memory corruption due to type confusion. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User interaction\n is not needed for exploitation. (bnc#1118319).\n\n - CVE-2018-16862: A security flaw was found in the way\n that the cleancache subsystem clears an inode after the\n final file truncation (removal). The new file created\n with the same inode may contain leftover pages from\n cleancache and the old file data instead of the new one\n (bnc#1117186).\n\n - CVE-2018-19854: An issue was discovered in the\n crypto_report_one() and related functions in\n crypto/crypto_user.c (the crypto user configuration API)\n do not fully initialize structures that are copied to\n userspace, potentially leaking sensitive memory to user\n programs. NOTE: this is a CVE-2013-2547 regression but\n with easier exploitability because the attacker did not\n need a capability (however, the system must have the\n CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n\n - CVE-2018-19824: A local user could exploit a\n use-after-free in the ALSA driver by supplying a\n malicious USB Sound device (with zero interfaces) that\n is mishandled in usb_audio_probe in sound/usb/card.c\n (bnc#1118152).\n\nThe following non-security bugs were fixed :\n\n - ACPI / CPPC: Check for valid PCC subspace only if PCC is\n used (bsc#1117115).\n\n - ACPI / CPPC: Update all pr_(debug/err) messages to log\n the susbspace id (bsc#1117115).\n\n - aio: fix spectre gadget in lookup_ioctx (bsc#1120594).\n\n - alsa: cs46xx: Potential NULL dereference in probe\n (bsc#1051510).\n\n - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities\n (bsc#1051510).\n\n - alsa: emux: Fix potential Spectre v1 vulnerabilities\n (bsc#1051510).\n\n - alsa: fireface: fix for state to fetch PCM frames\n (bsc#1051510).\n\n - alsa: fireface: fix reference to wrong register for\n clock configuration (bsc#1051510).\n\n - alsa: firewire-lib: fix wrong assignment for\n 'out_packet_without_header' tracepoint (bsc#1051510).\n\n - alsa: firewire-lib: fix wrong handling payload_length as\n payload_quadlet (bsc#1051510).\n\n - alsa: firewire-lib: use the same print format for\n 'without_header' tracepoints (bsc#1051510).\n\n - alsa: hda: add mute LED support for HP EliteBook 840 G4\n (bsc#1051510).\n\n - alsa: hda: Add support for AMD Stoney Ridge\n (bsc#1051510).\n\n - alsa: hda/ca0132 - make pci_iounmap() call conditional\n (bsc#1051510).\n\n - alsa: hda: fix front speakers on Huawei MBXP\n (bsc#1051510).\n\n - alsa: hda/realtek - Add support for Acer Aspire C24-860\n headset mic (bsc#1051510).\n\n - alsa: hda/realtek - Add unplug function into unplug\n state of Headset Mode for ALC225 (bsc#1051510).\n\n - alsa: hda/realtek: ALC286 mic and headset-mode fixups\n for Acer Aspire U27-880 (bsc#1051510).\n\n - alsa: hda/realtek: ALC294 mic and headset-mode fixups\n for ASUS X542UN (bsc#1051510).\n\n - alsa: hda/realtek - Disable headset Mic VREF for headset\n mode of ALC225 (bsc#1051510).\n\n - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA\n with ALC294 (bsc#1051510).\n\n - alsa: hda/realtek: Enable audio jacks of ASUS\n UX433FN/UX333FA with ALC294 (bsc#1051510).\n\n - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD\n with ALC294 (bsc#1051510).\n\n - alsa: hda/realtek: Enable the headset mic auto detection\n for ASUS laptops (bsc#1051510).\n\n - alsa: hda/realtek - Fixed headphone issue for ALC700\n (bsc#1051510).\n\n - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton\n Z4660G (bsc#1051510).\n\n - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton\n Z4860G/Z6860G (bsc#1051510).\n\n - alsa: hda/realtek - Fix speaker output regression on\n Thinkpad T570 (bsc#1051510).\n\n - alsa: hda/realtek - Fix the mute LED regresion on Lenovo\n X1 Carbon (bsc#1051510).\n\n - alsa: hda/realtek - Support Dell headset mode for New\n AIO platform (bsc#1051510).\n\n - alsa: hda/tegra: clear pending irq handlers\n (bsc#1051510).\n\n - alsa: pcm: Call snd_pcm_unlink() conditionally at\n closing (bsc#1051510).\n\n - alsa: pcm: Fix interval evaluation with openmin/max\n (bsc#1051510).\n\n - alsa: pcm: Fix potential Spectre v1 vulnerability\n (bsc#1051510).\n\n - alsa: pcm: Fix starvation on down_write_nonblock()\n (bsc#1051510).\n\n - alsa: rme9652: Fix potential Spectre v1 vulnerability\n (bsc#1051510).\n\n - alsa: trident: Suppress gcc string warning\n (bsc#1051510).\n\n - alsa: usb-audio: Add SMSL D1 to quirks for native DSD\n support (bsc#1051510).\n\n - alsa: usb-audio: Add support for Encore mDSD USB DAC\n (bsc#1051510).\n\n - alsa: usb-audio: Avoid access before bLength check in\n build_audio_procunit() (bsc#1051510).\n\n - alsa: usb-audio: Fix an out-of-bound read in\n create_composite_quirks (bsc#1051510).\n\n - alsa: x86: Fix runtime PM for hdmi-lpe-audio\n (bsc#1051510).\n\n - apparmor: do not try to replace stale label in ptrace\n access check (git-fixes).\n\n - apparmor: do not try to replace stale label in ptraceme\n check (git-fixes).\n\n - apparmor: Fix uninitialized value in aa_split_fqname\n (git-fixes).\n\n - arm64: Add work around for Arm Cortex-A55 Erratum\n 1024718 (bsc#1120612).\n\n - arm64: atomics: Remove '&' from '+&' asm constraint in\n lse atomics (bsc#1120613).\n\n - arm64: cpu_errata: include required headers\n (bsc#1120615).\n\n - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing\n (bsc#1120633).\n\n - arm64: Fix /proc/iomem for reserved but not memory\n regions (bsc#1120632).\n\n - arm64: lse: Add early clobbers to some input/output asm\n operands (bsc#1120614).\n\n - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).\n\n - arm64: mm: always enable CONFIG_HOLES_IN_ZONE\n (bsc#1120617).\n\n - arm64/numa: Report correct memblock range for the dummy\n node (bsc#1120620).\n\n - arm64/numa: Unify common error path in numa_init()\n (bsc#1120621).\n\n - arm64: remove no-op -p linker flag (bsc#1120616).\n\n - ASoC: dapm: Recalculate audio map forcely when card\n instantiated (bsc#1051510).\n\n - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0\n quirk for Chromebook Clapper (bsc#1051510).\n\n - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0\n quirk for Chromebook Gnawty (bsc#1051510).\n\n - ASoC: intel: mrfld: fix uninitialized variable access\n (bsc#1051510).\n\n - ASoC: omap-abe-twl6040: Fix missing audio card caused by\n deferred probing (bsc#1051510).\n\n - ASoC: omap-dmic: Add pm_qos handling to avoid overruns\n with CPU_IDLE (bsc#1051510).\n\n - ASoC: omap-mcbsp: Fix latency value calculation for\n pm_qos (bsc#1051510).\n\n - ASoC: omap-mcpdm: Add pm_qos handling to avoid\n under/overruns with CPU_IDLE (bsc#1051510).\n\n - ASoC: rsnd: fixup clock start checker (bsc#1051510).\n\n - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers\n (bsc#1051510).\n\n - ath10k: do not assume this is a PCI dev in generic code\n (bsc#1051510).\n\n - ath6kl: Only use match sets when firmware supports it\n (bsc#1051510).\n\n - b43: Fix error in cordic routine (bsc#1051510).\n\n - bcache: fix miss key refill->end in writeback\n (Git-fixes).\n\n - bcache: trace missed reading by cache_missed\n (Git-fixes).\n\n - blk-mq: remove synchronize_rcu() from\n blk_mq_del_queue_tag_set() (Git-fixes).\n\n - block: allow max_discard_segments to be stacked\n (Git-fixes).\n\n - block: blk_init_allocated_queue() set q->fq as NULL in\n the fail case (Git-fixes).\n\n - block: really disable runtime-pm for blk-mq (Git-fixes).\n\n - block: reset bi_iter.bi_done after splitting bio\n (Git-fixes).\n\n - block/swim: Fix array bounds check (Git-fixes).\n\n - bnxt_en: do not try to offload VLAN 'modify' action\n (bsc#1050242 ).\n\n - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG\n request (bsc#1086282).\n\n - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).\n\n - bnxt_en: get the reduced max_irqs by the ones used by\n RDMA (bsc#1050242).\n\n - bpf: fix check of allowed specifiers in bpf_trace_printk\n (bsc#1083647).\n\n - bpf: use per htab salt for bucket hash (git-fixes).\n\n - btrfs: Always try all copies when reading extent buffers\n (git-fixes).\n\n - btrfs: delete dead code in btrfs_orphan_add()\n (bsc#1111469).\n\n - btrfs: delete dead code in btrfs_orphan_commit_root()\n (bsc#1111469).\n\n - btrfs: do not BUG_ON() in btrfs_truncate_inode_items()\n (bsc#1111469).\n\n - btrfs: do not check inode's runtime flags under\n root->orphan_lock (bsc#1111469).\n\n - btrfs: do not return ino to ino cache if inode item\n removal fails (bsc#1111469).\n\n - btrfs: fix ENOSPC caused by orphan items reservations\n (bsc#1111469).\n\n - btrfs: Fix error handling in\n btrfs_cleanup_ordered_extents (git-fixes).\n\n - btrfs: fix error handling in btrfs_truncate()\n (bsc#1111469).\n\n - btrfs: fix error handling in\n btrfs_truncate_inode_items() (bsc#1111469).\n\n - btrfs: fix fsync of files with multiple hard links in\n new directories (1120173).\n\n - btrfs: Fix memory barriers usage with device stats\n counters (git-fixes).\n\n - btrfs: fix use-after-free on root->orphan_block_rsv\n (bsc#1111469).\n\n - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM\n (bsc#1111469).\n\n - btrfs: get rid of unused orphan infrastructure\n (bsc#1111469).\n\n - btrfs: move btrfs_truncate_block out of trans handle\n (bsc#1111469).\n\n - btrfs: qgroup: Dirty all qgroups before rescan\n (bsc#1120036).\n\n - btrfs: refactor btrfs_evict_inode() reserve refill dance\n (bsc#1111469).\n\n - btrfs: renumber BTRFS_INODE_ runtime flags and switch to\n enums (bsc#1111469).\n\n - btrfs: reserve space for O_TMPFILE orphan item deletion\n (bsc#1111469).\n\n - btrfs: run delayed items before dropping the snapshot\n (bsc#1121263, bsc#1111188).\n\n - btrfs: stop creating orphan items for truncate\n (bsc#1111469).\n\n - btrfs: tree-checker: Do not check max block group size\n as current max chunk size limit is unreliable (fixes for\n bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875).\n\n - btrfs: update stale comments referencing vmtruncate()\n (bsc#1111469).\n\n - can: flexcan: flexcan_irq(): fix indention\n (bsc#1051510).\n\n - cdrom: do not attempt to fiddle with cdo->capability\n (bsc#1051510).\n\n - ceph: do not update importing cap's mseq when handing\n cap export (bsc#1121273).\n\n - char_dev: extend dynamic allocation of majors into a\n higher range (bsc#1121058).\n\n - char_dev: Fix off-by-one bugs in find_dynamic_major()\n (bsc#1121058).\n\n - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).\n\n - clk: mvebu: Off by one bugs in cp110_of_clk_get()\n (bsc#1051510).\n\n - compiler-gcc.h: Add __attribute__((gnu_inline)) to all\n inline declarations (git-fixes).\n\n - config: arm64: enable erratum 1024718\n\n - cpufeature: avoid warning when compiling with clang\n (Git-fixes).\n\n - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC\n (bsc#1117115).\n\n - cpufreq: CPPC: fix build in absence of v3 support\n (bsc#1117115).\n\n - cpupower: remove stringop-truncation waring (git-fixes).\n\n - crypto: bcm - fix normal/non key hash algorithm failure\n (bsc#1051510).\n\n - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().\n\n - crypto: ccp - Add GET_ID SEV command ().\n\n - crypto: ccp - Add psp enabled message when\n initialization succeeds ().\n\n - crypto: ccp - Add support for new CCP/PSP device ID ().\n\n - crypto: ccp - Allow SEV firmware to be chosen based on\n Family and Model ().\n\n - crypto: ccp - Fix static checker warning ().\n\n - crypto: ccp - Remove unused #defines ().\n\n - crypto: ccp - Support register differences between PSP\n devices ().\n\n - dasd: fix deadlock in dasd_times_out (bsc#1121477,\n LTC#174111).\n\n - dax: Check page->mapping isn't NULL (bsc#1120054).\n\n - dax: Do not access a freed inode (bsc#1120055).\n\n - device property: Define type of PROPERTY_ENRTY_*()\n macros (bsc#1051510).\n\n - device property: fix fwnode_graph_get_next_endpoint()\n documentation (bsc#1051510).\n\n - disable stringop truncation warnings for now\n (git-fixes).\n\n - dm: allocate struct mapped_device with kvzalloc\n (Git-fixes).\n\n - dm cache: destroy migration_cache if cache target\n registration failed (Git-fixes).\n\n - dm cache: fix resize crash if user does not reload cache\n table (Git-fixes).\n\n - dm cache metadata: ignore hints array being too small\n during resize (Git-fixes).\n\n - dm cache metadata: save in-core policy_hint_size to\n on-disk superblock (Git-fixes).\n\n - dm cache metadata: set dirty on all cache blocks after a\n crash (Git-fixes).\n\n - dm cache: only allow a single io_mode cache feature to\n be requested (Git-fixes).\n\n - dm crypt: do not decrease device limits (Git-fixes).\n\n - dm: fix report zone remapping to account for partition\n offset (Git-fixes).\n\n - dm integrity: change 'suspending' variable from bool to\n int (Git-fixes).\n\n - dm ioctl: harden copy_params()'s copy_from_user() from\n malicious users (Git-fixes).\n\n - dm linear: eliminate linear_end_io call if\n CONFIG_DM_ZONED disabled (Git-fixes).\n\n - dm linear: fix linear_end_io conditional definition\n (Git-fixes).\n\n - dm thin: handle running out of data space vs concurrent\n discard (Git-fixes).\n\n - dm thin metadata: remove needless work from\n __commit_transaction (Git-fixes).\n\n - dm thin: stop no_space_timeout worker when switching to\n write-mode (Git-fixes).\n\n - dm writecache: fix a crash due to reading past end of\n dirty_bitmap (Git-fixes).\n\n - dm writecache: report start_sector in status line\n (Git-fixes).\n\n - dm zoned: fix metadata block ref counting (Git-fixes).\n\n - dm zoned: fix various dmz_get_mblock() issues\n (Git-fixes).\n\n - doc/README.SUSE: correct GIT url No more gitorious,\n github we use.\n\n - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0\n Ethernet (bsc#1119749).\n\n - drivers/net/usb/r8152: remove the unneeded variable\n 'ret' in rtl8152_system_suspend (bsc#1119749).\n\n - drm/amdgpu/gmc8: update MC firmware for polaris\n (bsc#1113722)\n\n - drm/amdgpu: update mc firmware image for polaris12\n variants (bsc#1113722)\n\n - drm/amdgpu: update SMC firmware image for polaris10\n variants (bsc#1113722)\n\n - drm/i915/execlists: Apply a full mb before execution for\n Braswell (bsc#1113722)\n\n - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)\n\n - drm/nouveau/kms: Fix memory leak in nv50_mstm_del()\n (bsc#1113722)\n\n - drm: rcar-du: Fix external clock error checks\n (bsc#1113722)\n\n - drm: rcar-du: Fix vblank initialization (bsc#1113722)\n\n - drm/rockchip: psr: do not dereference encoder before it\n is null (bsc#1113722)\n\n - drm: set is_master to 0 upon drm_new_set_master()\n failure (bsc#1113722)\n\n - drm/vc4: Set ->is_yuv to false when num_planes == 1\n (bsc#1113722)\n\n - drm/vc4: ->x_scaling[1] should never be set to\n VC4_SCALING_NONE (bsc#1113722)\n\n - dt-bindings: add compatible string for Allwinner V3s SoC\n (git-fixes).\n\n - dt-bindings: arm: Document SoC compatible value for\n Armadillo-800 EVA (git-fixes).\n\n - dt-bindings: clock: add rk3399 DDR3 standard speed bins\n (git-fixes).\n\n - dt-bindings: clock: mediatek: add binding for\n fixed-factor clock axisel_d4 (git-fixes).\n\n - dt-bindings: mfd: axp20x: Add AXP806 to supported list\n of chips (git-fixes).\n\n - dt-bindings: net: Remove duplicate NSP Ethernet MAC\n binding document (git-fixes).\n\n - dt-bindings: panel: lvds: Fix path to display timing\n bindings (git-fixes).\n\n - dt-bindings: phy: sun4i-usb-phy: Add property\n descriptions for H3 (git-fixes).\n\n - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop\n description (git-fixes).\n\n - dt-bindings: rcar-dmac: Document missing error interrupt\n (git-fixes).\n\n - edac, (i7core,sb,skx)_edac: Fix uncorrected error\n counting (bsc#1114279).\n\n - edac, skx_edac: Fix logical channel intermediate\n decoding (bsc#1114279).\n\n - efi: Move some sysfs files to be read-only by root\n (bsc#1051510).\n\n - ethernet: fman: fix wrong of_node_put() in probe\n function (bsc#1119017).\n\n - exportfs: fix 'passing zero to ERR_PTR()' warning\n (bsc#1118773).\n\n - ext2: fix potential use after free (bsc#1118775).\n\n - ext4: avoid possible double brelse() in add_new_gdb() on\n error path (bsc#1118760).\n\n - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).\n\n - ext4: fix possible use after free in ext4_quota_enable\n (bsc#1120602).\n\n - ext4: missing unlock/put_page() in\n ext4_try_to_write_inline_data() (bsc#1120603).\n\n - extable: Consolidate *kernel_text_address() functions\n (bsc#1120092).\n\n - extable: Enable RCU if it is not watching in\n kernel_text_address() (bsc#1120092).\n\n - fbdev: fbcon: Fix unregister crash when more than one\n framebuffer (bsc#1113722)\n\n - fbdev: fbmem: behave better with small rotated displays\n and many CPUs (bsc#1113722)\n\n - firmware: add firmware_request_nowarn() - load firmware\n without warnings ().\n\n - Fix the breakage of KMP build on x86_64 (bsc#1121017)\n\n - fscache: Fix race in fscache_op_complete() due to split\n atomic_sub & read (Git-fixes).\n\n - fscache: Pass the correct cancelled indications to\n fscache_op_complete() (Git-fixes).\n\n - fs: fix lost error code in dio_complete (bsc#1118762).\n\n - fs/xfs: Use %pS printk format for direct addresses\n (git-fixes).\n\n - fuse: fix blocked_waitq wakeup (git-fixes).\n\n - fuse: fix leaked notify reply (git-fixes).\n\n - fuse: fix possibly missed wake-up after abort\n (git-fixes).\n\n - fuse: Fix use-after-free in fuse_dev_do_read()\n (git-fixes).\n\n - fuse: Fix use-after-free in fuse_dev_do_write()\n (git-fixes).\n\n - fuse: fix use-after-free in fuse_direct_IO()\n (git-fixes).\n\n - fuse: set FR_SENT while locked (git-fixes).\n\n - gcc-plugins: Add include required by GCC release 8\n (git-fixes).\n\n - gcc-plugins: Use dynamic initializers (git-fixes).\n\n - gfs2: Do not leave s_fs_info pointing to freed memory in\n init_sbd (bsc#1118769).\n\n - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).\n\n - gfs2: Get rid of potential double-freeing in\n gfs2_create_inode (bsc#1120600).\n\n - gfs2_meta: ->mount() can get NULL dev_name\n (bsc#1118768).\n\n - gfs2: Put bitmap buffers in put_super (bsc#1118772).\n\n - git_sort.py: Remove non-existent remote tj/libata\n\n - gpio: davinci: Remove unused member of\n davinci_gpio_controller (git-fixes).\n\n - gpiolib-acpi: Only defer request_irq for GpioInt ACPI\n event handlers (bsc#1051510).\n\n - gpiolib: Fix return value of gpio_to_desc() stub if\n !GPIOLIB (bsc#1051510).\n\n - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK\n (bsc#1051510).\n\n - gpio: mvebu: only fail on missing clk if pwm is actually\n to be used (bsc#1051510).\n\n - HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).\n\n - HID: input: Ignore battery reported by Symbol DS4308\n (bsc#1051510).\n\n - HID: multitouch: Add pointstick support for Cirque\n Touchpad (bsc#1051510).\n\n - hwpoison, memory_hotplug: allow hwpoisoned pages to be\n offlined (bnc#1116336).\n\n - i2c: axxia: properly handle master timeout\n (bsc#1051510).\n\n - i2c: scmi: Fix probe error on devices with an empty\n SMB0001 ACPI device node (bsc#1051510).\n\n - ib/hfi1: Add mtu check for operational data VLs\n (bsc#1060463 ).\n\n - ibmvnic: Convert reset work item mutex to spin lock ().\n\n - ibmvnic: Fix non-atomic memory allocation in IRQ context\n ().\n\n - ib/rxe: support for 802.1q VLAN on the listener\n (bsc#1082387).\n\n - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).\n\n - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON()\n on problem (bsc#1051510).\n\n - ieee802154: at86rf230: use __func__ macro for debug\n messages (bsc#1051510).\n\n - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on\n problem (bsc#1051510).\n\n - Include modules.fips in kernel-binary as well as\n kernel-binary-base ().\n\n - initramfs: fix initramfs rebuilds w/ compression after\n disabling (git-fixes).\n\n - input: add official Raspberry Pi's touchscreen driver\n ().\n\n - input: cros_ec_keyb - fix button/switch capability\n reports (bsc#1051510).\n\n - input: elan_i2c - add ACPI ID for Lenovo IdeaPad\n 330-15ARR (bsc#1051510).\n\n - input: elan_i2c - add ELAN0620 to the ACPI table\n (bsc#1051510).\n\n - input: elan_i2c - add support for ELAN0621 touchpad\n (bsc#1051510).\n\n - input: hyper-v - fix wakeup from suspend-to-idle\n (bsc#1051510).\n\n - input: matrix_keypad - check for errors from\n of_get_named_gpio() (bsc#1051510).\n\n - input: nomadik-ske-keypad - fix a loop timeout test\n (bsc#1051510).\n\n - input: omap-keypad - fix keyboard debounce configuration\n (bsc#1051510).\n\n - input: synaptics - add PNP ID for ThinkPad P50 to SMBus\n (bsc#1051510).\n\n - input: synaptics - enable SMBus for HP 15-ay000\n (bsc#1051510).\n\n - input: xpad - quirk all PDP Xbox One gamepads\n (bsc#1051510).\n\n - integrity/security: fix digsig.c build error with header\n file (bsc#1051510).\n\n - intel_th: msu: Fix an off-by-one in attribute store\n (bsc#1051510).\n\n - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n\n - iommu/vt-d: Handle domain agaw being less than iommu\n agaw (bsc#1106105).\n\n - iwlwifi: add new cards for 9560, 9462, 9461 and killer\n series (bsc#1051510).\n\n - iwlwifi: fix LED command capability bit (bsc#1119086).\n\n - iwlwifi: nvm: get num of hw addresses from firmware\n (bsc#1119086).\n\n - iwlwifi: pcie: do not reset TXQ write pointer\n (bsc#1051510).\n\n - jffs2: free jffs2_sb_info through jffs2_kill_sb()\n (bsc#1118767).\n\n - jump_label: Split out code under the hotplug lock\n (bsc#1106913).\n\n - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages\n to be offlined (bnc#1116336).\n\n - kabi protect hnae_ae_ops (bsc#1104353).\n\n - kbuild: allow to use GCC toolchain not in Clang search\n path (git-fixes).\n\n - kbuild: fix linker feature test macros when cross\n compiling with Clang (git-fixes).\n\n - kbuild: make missing $DEPMOD a Warning instead of an\n Error (git-fixes).\n\n - kbuild: rpm-pkg: keep spec file until make mrproper\n (git-fixes).\n\n - kbuild: suppress packed-not-aligned warning for default\n setting only (git-fixes).\n\n - kbuild: verify that $DEPMOD is installed (git-fixes).\n\n - kernfs: Replace strncpy with memcpy (bsc#1120053).\n\n - keys: Fix the use of the C++ keyword 'private' in\n uapi/linux/keyctl.h (Git-fixes).\n\n - kobject: Replace strncpy with memcpy (git-fixes).\n\n - kprobes: Make list and blacklist root user read only\n (git-fixes).\n\n - kvm: PPC: Book3S PR: Enable use on POWER9 inside\n HPT-mode guests (bsc#1118484).\n\n - kvm: svm: Ensure an IBPB on all affected CPUs when\n freeing a vmcb (bsc#1114279).\n\n - libata: whitelist all SAMSUNG MZ7KM* solid-state disks\n (bsc#1051510).\n\n - libceph: fall back to sendmsg for slab pages\n (bsc#1118316).\n\n - libnvdimm, pfn: Pad pfn namespaces relative to other\n regions (bsc#1118962).\n\n - lib/raid6: Fix arm64 test build (bsc#1051510).\n\n - lib/ubsan.c: do not mark\n __ubsan_handle_builtin_unreachable as noreturn\n (bsc#1051510).\n\n - Limit max FW API version for QCA9377 (bsc#1121714,\n bsc#1121715).\n\n - linux/bitmap.h: fix type of nbits in\n bitmap_shift_right() (bsc#1051510).\n\n - locking/barriers: Convert users of\n lockless_dereference() to READ_ONCE() (Git-fixes).\n\n - locking/static_keys: Improve uninitialized key warning\n (bsc#1106913).\n\n - mac80211: Clear beacon_int in ieee80211_do_stop\n (bsc#1051510).\n\n - mac80211: fix reordering of buffered broadcast packets\n (bsc#1051510).\n\n - mac80211_hwsim: fix module init error paths for netlink\n (bsc#1051510).\n\n - mac80211_hwsim: Timer should be initialized before\n device registered (bsc#1051510).\n\n - mac80211: ignore NullFunc frames in the duplicate\n detection (bsc#1051510).\n\n - mac80211: ignore tx status for PS stations in\n ieee80211_tx_status_ext (bsc#1051510).\n\n - Mark HI and TASKLET softirq synchronous (git-fixes).\n\n - media: em28xx: Fix use-after-free when disconnecting\n (bsc#1051510).\n\n - media: em28xx: make v4l2-compliance happier by starting\n sequence on zero (bsc#1051510).\n\n - media: omap3isp: Unregister media device as first\n (bsc#1051510).\n\n - mmc: bcm2835: reset host on timeout (bsc#1051510).\n\n - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI\n support (bsc#1051510).\n\n - mmc: core: Reset HPI enabled state during re-init and in\n case of errors (bsc#1051510).\n\n - mmc: core: Use a minimum 1600ms timeout when enabling\n CACHE ctrl (bsc#1051510).\n\n - mmc: dw_mmc-bluefield: Add driver extension\n (bsc#1118752).\n\n - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).\n\n - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310\n (bsc#1051510).\n\n - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).\n\n - mmc: sdhci: fix the timeout check window for clock and\n reset (bsc#1051510).\n\n - mm: do not miss the last page because of round-off error\n (bnc#1118798).\n\n - mm: do not warn about large allocations for slab (git\n fixes (slab)).\n\n - mm/huge_memory.c: reorder operations in\n __split_huge_page_tail() (VM Functionality bsc#1119962).\n\n - mm: hugetlb: yield when prepping struct pages (git fixes\n (memory initialisation)).\n\n - mm: lower the printk loglevel for __dump_page messages\n (generic hotplug debugability).\n\n - mm, memory_hotplug: be more verbose for memory offline\n failures (generic hotplug debugability).\n\n - mm, memory_hotplug: drop pointless block alignment\n checks from __offline_pages (generic hotplug\n debugability).\n\n - mm, memory_hotplug: print reason for the offlining\n failure (generic hotplug debugability).\n\n - mm: migration: fix migration of huge PMD shared pages\n (bnc#1086423).\n\n - mm: only report isolation failures when offlining memory\n (generic hotplug debugability).\n\n - mm: print more information about mapping in __dump_page\n (generic hotplug debugability).\n\n - mm: put_and_wait_on_page_locked() while page is migrated\n (bnc#1109272).\n\n - mm: sections are not offlined during memory hotremove\n (bnc#1119968).\n\n - mm: shmem.c: Correctly annotate new inodes for lockdep\n (Git fixes: shmem).\n\n - mm/vmstat.c: fix NUMA statistics updates (git fixes).\n\n - Move dell_rbu fix to sorted section (bsc#1087978).\n\n - mtd: cfi: convert inline functions to macros\n (git-fixes).\n\n - mtd: Fix comparison in map_word_andequal() (git-fixes).\n\n - namei: allow restricted O_CREAT of FIFOs and regular\n files (bsc#1118766).\n\n - nbd: do not allow invalid blocksize settings\n (Git-fixes).\n\n - net: bgmac: Fix endian access in\n bgmac_dma_tx_ring_free() (bsc#1051510).\n\n - net: dsa: mv88e6xxx: Fix binding documentation for MDIO\n busses (git-fixes).\n\n - net: dsa: qca8k: Add QCA8334 binding documentation\n (git-fixes).\n\n - net: ena: fix crash during ena_remove() (bsc#1111696\n bsc#1117561).\n\n - net: ena: update driver version from 2.0.1 to 2.0.2\n (bsc#1111696 bsc#1117561).\n\n - net: hns3: Add nic state check before calling\n netif_tx_wake_queue (bsc#1104353).\n\n - net: hns3: Add support for\n hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).\n\n - net: hns3: bugfix for buffer not free problem during\n resetting (bsc#1104353).\n\n - net: hns3: bugfix for handling mailbox while the command\n queue reinitialized (bsc#1104353).\n\n - net: hns3: bugfix for hclge_mdio_write and\n hclge_mdio_read (bsc#1104353).\n\n - net: hns3: bugfix for is_valid_csq_clean_head()\n (bsc#1104353 ).\n\n - net: hns3: bugfix for reporting unknown vector0\n interrupt repeatly problem (bsc#1104353).\n\n - net: hns3: bugfix for rtnl_lock's range in the\n hclgevf_reset() (bsc#1104353).\n\n - net: hns3: bugfix for the initialization of command\n queue's spin lock (bsc#1104353).\n\n - net: hns3: Check hdev state when getting link status\n (bsc#1104353).\n\n - net: hns3: Clear client pointer when initialize client\n failed or unintialize finished (bsc#1104353).\n\n - net: hns3: Fix cmdq registers initialization issue for\n vf (bsc#1104353).\n\n - net: hns3: Fix error of checking used vlan id\n (bsc#1104353 ).\n\n - net: hns3: Fix ets validate issue (bsc#1104353).\n\n - net: hns3: Fix for netdev not up problem when setting\n mtu (bsc#1104353).\n\n - net: hns3: Fix for out-of-bounds access when setting pfc\n back pressure (bsc#1104353).\n\n - net: hns3: Fix for packet buffer setting bug\n (bsc#1104353 ).\n\n - net: hns3: Fix for rx vlan id handle to support Rev 0x21\n hardware (bsc#1104353).\n\n - net: hns3: Fix for setting speed for phy failed problem\n (bsc#1104353).\n\n - net: hns3: Fix for vf vlan delete failed problem\n (bsc#1104353 ).\n\n - net: hns3: Fix loss of coal configuration while doing\n reset (bsc#1104353).\n\n - net: hns3: Fix parameter type for q_id in\n hclge_tm_q_to_qs_map_cfg() (bsc#1104353).\n\n - net: hns3: Fix ping exited problem when doing lp\n selftest (bsc#1104353).\n\n - net: hns3: Preserve vlan 0 in hardware table\n (bsc#1104353 ).\n\n - net: hns3: remove unnecessary queue reset in the\n hns3_uninit_all_ring() (bsc#1104353).\n\n - net: hns3: Set STATE_DOWN bit of hdev state when\n stopping net (bsc#1104353).\n\n - net/mlx4_core: Correctly set PFC param if global pause\n is turned off (bsc#1046299).\n\n - net: usb: r8152: constify usb_device_id (bsc#1119749).\n\n - net: usb: r8152: use irqsave() in USB's complete\n callback (bsc#1119749).\n\n - nospec: Allow index argument to have const-qualified\n type (git-fixes)\n\n - nospec: Kill array_index_nospec_mask_check()\n (git-fixes).\n\n - nvme-fc: resolve io failures during connect\n (bsc#1116803).\n\n - nvme-multipath: zero out ANA log buffer (bsc#1105168).\n\n - nvme: validate controller state before rescheduling keep\n alive (bsc#1103257).\n\n - objtool: Detect RIP-relative switch table references\n (bsc#1058115).\n\n - objtool: Detect RIP-relative switch table references,\n part 2 (bsc#1058115).\n\n - objtool: Fix another switch table detection issue\n (bsc#1058115).\n\n - objtool: Fix double-free in .cold detection error path\n (bsc#1058115).\n\n - objtool: Fix GCC 8 cold subfunction detection for\n aliased functions (bsc#1058115).\n\n - objtool: Fix 'noreturn' detection for recursive sibling\n calls (bsc#1058115).\n\n - objtool: Fix segfault in .cold detection with\n -ffunction-sections (bsc#1058115).\n\n - objtool: Support GCC 8's cold subfunctions\n (bsc#1058115).\n\n - objtool: Support GCC 8 switch tables (bsc#1058115).\n\n - panic: avoid deadlocks in re-entrant console drivers\n (bsc#1088386).\n\n - PCI: Add ACS quirk for Ampere root ports (bsc#1120058).\n\n - PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).\n\n - PCI: Convert device-specific ACS quirks from NULL\n termination to ARRAY_SIZE (bsc#1120058).\n\n - PCI: Delay after FLR of Intel DC P3700 NVMe\n (bsc#1120058).\n\n - PCI: Disable Samsung SM961/PM961 NVMe before FLR\n (bsc#1120058).\n\n - PCI: Export pcie_has_flr() (bsc#1120058).\n\n - PCI: iproc: Activate PAXC bridge quirk for more devices\n (bsc#1120058).\n\n - PCI: Mark Ceton InfiniTV4 INTx masking as broken\n (bsc#1120058).\n\n - PCI: Mark fall-through switch cases before enabling\n -Wimplicit-fallthrough (bsc#1120058).\n\n - PCI: Mark Intel XXV710 NIC INTx masking as broken\n (bsc#1120058).\n\n - perf tools: Fix tracing_path_mount proper path\n (git-fixes).\n\n - platform-msi: Free descriptors in\n platform_msi_domain_free() (bsc#1051510).\n\n - powerpc/64s: consolidate MCE counter increment\n (bsc#1094244).\n\n - powerpc/64s/radix: Fix process table entry cache\n invalidation (bsc#1055186, git-fixes).\n\n - powerpc/boot: Expose Kconfig symbols to wrapper\n (bsc#1065729).\n\n - powerpc/boot: Fix build failures with -j 1\n (bsc#1065729).\n\n - powerpc/pkeys: Fix handling of pkey state across fork()\n (bsc#1078248, git-fixes).\n\n - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit\n from stop (idle) (bsc#1055121).\n\n - powerpc/pseries: Track LMB nid instead of using device\n tree (bsc#1108270).\n\n - powerpc/traps: restore recoverability of machine_check\n interrupts (bsc#1094244).\n\n - power: supply: olpc_battery: correct the temperature\n units (bsc#1051510).\n\n - ptrace: Remove unused ptrace_may_access_sched() and\n MODE_IBRS (bsc#1106913).\n\n - qed: Add driver support for 20G link speed\n (bsc#1110558).\n\n - qed: Add support for virtual link (bsc#1111795).\n\n - qede: Add driver support for 20G link speed\n (bsc#1110558).\n\n - r8152: add byte_enable for ocp_read_word function\n (bsc#1119749).\n\n - r8152: add Linksys USB3GIGV1 id (bsc#1119749).\n\n - r8152: add r8153_phy_status function (bsc#1119749).\n\n - r8152: adjust lpm settings for RTL8153 (bsc#1119749).\n\n - r8152: adjust rtl8153_runtime_enable function\n (bsc#1119749).\n\n - r8152: adjust the settings about MAC clock speed down\n for RTL8153 (bsc#1119749).\n\n - r8152: adjust U2P3 for RTL8153 (bsc#1119749).\n\n - r8152: avoid rx queue more than 1000 packets\n (bsc#1119749).\n\n - r8152: check if disabling ALDPS is finished\n (bsc#1119749).\n\n - r8152: correct the definition (bsc#1119749).\n\n - r8152: disable RX aggregation on Dell TB16 dock\n (bsc#1119749).\n\n - r8152: disable RX aggregation on new Dell TB16 dock\n (bsc#1119749).\n\n - r8152: fix wrong checksum status for received IPv4\n packets (bsc#1119749).\n\n - r8152: move calling delay_autosuspend function\n (bsc#1119749).\n\n - r8152: move the default coalesce setting for RTL8153\n (bsc#1119749).\n\n - r8152: move the initialization to reset_resume function\n (bsc#1119749).\n\n - r8152: move the setting of rx aggregation (bsc#1119749).\n\n - r8152: replace napi_complete with napi_complete_done\n (bsc#1119749).\n\n - r8152: set rx mode early when linking on (bsc#1119749).\n\n - r8152: split rtl8152_resume function (bsc#1119749).\n\n - r8152: support new chip 8050 (bsc#1119749).\n\n - r8152: support RTL8153B (bsc#1119749).\n\n - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit\n (Git-fixes).\n\n - rcu: Allow for page faults in NMI handlers\n (bsc#1120092).\n\n - rdma/bnxt_re: Add missing spin lock initialization\n (bsc#1050244 ).\n\n - rdma/bnxt_re: Avoid accessing the device structure after\n it is freed (bsc#1050244).\n\n - rdma/bnxt_re: Avoid NULL check after accessing the\n pointer (bsc#1086283).\n\n - rdma/bnxt_re: Fix system hang when registration with L2\n driver fails (bsc#1086283).\n\n - rdma/hns: Bugfix pbl configuration for rereg mr\n (bsc#1104427 ).\n\n - rdma_rxe: make rxe work over 802.1q VLAN devices\n (bsc#1082387).\n\n - reset: remove remaining WARN_ON() in <linux/reset.h>\n (Git-fixes).\n\n - Revert commit ef9209b642f 'staging: rtl8723bs: Fix\n indenting errors and an off-by-one mistake in\n core/rtw_mlme_ext.c' (bsc#1051510).\n\n - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable\n systems' (bsc#1106105).\n\n - Revert 'PCI/ASPM: Do not initialize link state when\n aspm_disabled is set' (bsc#1051510).\n\n - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs'\n (bsc#1119322).\n\n - ring-buffer: Allow for rescheduling when removing pages\n (bsc#1120238).\n\n - ring-buffer: Do no reuse reader page if still in use\n (bsc#1120096).\n\n - ring-buffer: Mask out the info bits when returning\n buffer page length (bsc#1120094).\n\n - rtc: hctosys: Add missing range error reporting\n (bsc#1051510).\n\n - rtc: m41t80: Correct alarm month range with RTC reads\n (bsc#1051510).\n\n - rtc: pcf2127: fix a kmemleak caused in\n pcf2127_i2c_gather_write (bsc#1051510).\n\n - rtc: snvs: Add timeouts to avoid kernel lockups\n (bsc#1051510).\n\n - rtl8xxxu: Fix missing break in switch (bsc#1051510).\n\n - s390/dasd: simplify locking in dasd_times_out\n (bsc#1104967,).\n\n - s390/kdump: Fix elfcorehdr size calculation\n (bsc#1117953, LTC#171112).\n\n - s390/kdump: Make elfcorehdr size calculation ABI\n compliant (bsc#1117953, LTC#171112).\n\n - s390/qeth: fix length check in SNMP processing\n (bsc#1117953, LTC#173657).\n\n - s390/qeth: remove outdated portname debug msg\n (bsc#1117953, LTC#172960).\n\n - s390/qeth: sanitize strings in debug messages\n (bsc#1117953, LTC#172960).\n\n - sbitmap: fix race in wait batch accounting (Git-fixes).\n\n - sched/core: Fix cpu.max vs. cpuhotplug deadlock\n (bsc#1106913).\n\n - sched/fair: Fix infinite loop in\n update_blocked_averages() by reverting a9e7f6544b9c (Git\n fixes (scheduler)).\n\n - sched/smt: Expose sched_smt_present static key\n (bsc#1106913).\n\n - sched/smt: Make sched_smt_present track topology\n (bsc#1106913).\n\n - sched, tracing: Fix trace_sched_pi_setprio() for\n deboosting (bsc#1120228).\n\n - scripts/git-pre-commit: make executable.\n\n - scripts/git_sort/git_sort.py: change SCSI git repos to\n make series sorting more failsafe.\n\n - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).\n\n - scsi: lpfc: Correct code setting non existent bits in\n sli4 ABORT WQE (bsc#1118215).\n\n - scsi: lpfc: Correct topology type reporting on G7\n adapters (bsc#1118215).\n\n - scsi: lpfc: Defer LS_ACC to FLOGI on point to point\n logins (bsc#1118215).\n\n - scsi: lpfc: Enable Management features for IF_TYPE=6\n (bsc#1119322).\n\n - scsi: lpfc: Fix a duplicate 0711 log message number\n (bsc#1118215).\n\n - scsi: lpfc: fix block guard enablement on SLI3 adapters\n (bsc#1079935).\n\n - scsi: lpfc: Fix dif and first burst use in write\n commands (bsc#1118215).\n\n - scsi: lpfc: Fix discovery failures during port failovers\n with lots of vports (bsc#1118215).\n\n - scsi: lpfc: Fix driver release of fw-logging buffers\n (bsc#1118215).\n\n - scsi: lpfc: Fix kernel Oops due to null pring pointers\n (bsc#1118215).\n\n - scsi: lpfc: Fix panic when FW-log buffsize is not\n initialized (bsc#1118215).\n\n - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).\n\n - scsi: lpfc: refactor mailbox structure context fields\n (bsc#1118215).\n\n - scsi: lpfc: rport port swap discovery issue\n (bsc#1118215).\n\n - scsi: lpfc: update driver version to 12.0.0.9\n (bsc#1118215).\n\n - scsi: lpfc: update manufacturer attribute to reflect\n Broadcom (bsc#1118215).\n\n - scsi: target: add emulate_pr backstore attr to toggle PR\n support (bsc#1091405).\n\n - scsi: target: drop unused pi_prot_format attribute\n storage (bsc#1091405).\n\n - scsi: zfcp: fix posting too many status read buffers\n leading to adapter shutdown (bsc#1121483, LTC#174588).\n\n - skd: Avoid that module unloading triggers a\n use-after-free (Git-fixes).\n\n - skd: Submit requests to firmware before triggering the\n doorbell (Git-fixes).\n\n - soc: bcm2835: sync firmware properties with downstream\n ()\n\n - spi: bcm2835: Avoid finishing transfer prematurely in\n IRQ mode (bsc#1051510).\n\n - spi: bcm2835: Fix book-keeping of DMA termination\n (bsc#1051510).\n\n - spi: bcm2835: Fix race on DMA termination (bsc#1051510).\n\n - spi: bcm2835: Unbreak the build of esoteric configs\n (bsc#1051510).\n\n - splice: do not read more than available pipe space\n (bsc#1119212).\n\n - staging: bcm2835-camera: Abort probe if there is no\n camera (bsc#1051510).\n\n - staging: rtl8712: Fix possible buffer overrun\n (bsc#1051510).\n\n - staging: rtl8723bs: Add missing return for\n cfg80211_rtw_get_station (bsc#1051510).\n\n - staging: rts5208: fix gcc-8 logic error warning\n (bsc#1051510).\n\n - staging: wilc1000: fix missing read_write setting when\n reading data (bsc#1051510).\n\n - Stop building F2FS (boo#1109665) As per the information\n in the bugzilla issue f2fs is no longer supported on\n opensuse distributions.\n\n - supported.conf: add raspberrypi-ts driver\n\n - supported.conf: whitelist bluefield eMMC driver\n\n - target/iscsi: avoid NULL dereference in CHAP auth error\n path (bsc#1117165).\n\n - target: se_dev_attrib.emulate_pr ABI stability\n (bsc#1091405).\n\n - team: no need to do team_notify_peers or\n team_mcast_rejoin when disabling port (bsc#1051510).\n\n - termios, tty/tty_baudrate.c: fix buffer overrun\n (bsc#1051510).\n\n - test_hexdump: use memcpy instead of strncpy\n (bsc#1051510).\n\n - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with\n a negative offset (bsc#1051510).\n\n - tools: hv: fcopy: set 'error' in case an unknown\n operation was requested (git-fixes).\n\n - tools: hv: include string.h in hv_fcopy_daemon\n (git-fixes).\n\n - tools/power/cpupower: fix compilation with STATIC=true\n (git-fixes).\n\n - tools/power turbostat: fix possible sprintf buffer\n overflow (git-fixes).\n\n - tracing/blktrace: Fix to allow setting same value\n (Git-fixes).\n\n - tracing: Fix bad use of igrab in trace_uprobe.c\n (bsc#1120046).\n\n - tracing: Fix crash when freeing instances with event\n triggers (bsc#1120230).\n\n - tracing: Fix crash when it fails to alloc ring buffer\n (bsc#1120097).\n\n - tracing: Fix double free of event_trigger_data\n (bsc#1120234).\n\n - tracing: Fix missing return symbol in function_graph\n output (bsc#1120232).\n\n - tracing: Fix possible double free in\n event_enable_trigger_func() (bsc#1120235).\n\n - tracing: Fix possible double free on failure of\n allocating trace buffer (bsc#1120214).\n\n - tracing: Fix regex_match_front() to not over compare the\n test string (bsc#1120223).\n\n - tracing: Fix trace_pipe behavior for instance traces\n (bsc#1120088).\n\n - tracing: Remove RCU work arounds from stack tracer\n (bsc#1120092).\n\n - tracing/samples: Fix creation and deletion of\n simple_thread_fn creation (git-fixes).\n\n - tty: Do not return -EAGAIN in blocking read\n (bsc#1116040).\n\n - tty: do not set TTY_IO_ERROR flag if console port\n (bsc#1051510).\n\n - tty: serial: 8250_mtk: always resume the device in probe\n (bsc#1051510).\n\n - ubifs: Handle re-linking of inodes correctly while\n recovery (bsc#1120598).\n\n - udf: Allow mounting volumes with incorrect\n identification strings (bsc#1118774).\n\n - unifdef: use memcpy instead of strncpy (bsc#1051510).\n\n - usb: appledisplay: Add 27' Apple Cinema Display\n (bsc#1051510).\n\n - usb: core: quirks: add RESET_RESUME quirk for Cherry\n G230 Stream series (bsc#1051510).\n\n - usb: dwc2: host: use hrtimer for NAK retries\n (git-fixes).\n\n - usb: hso: Fix OOB memory access in\n hso_probe/hso_get_config_data (bsc#1051510).\n\n - usbip: vhci_hcd: check rhport before using in\n vhci_hub_control() (bsc#1090888).\n\n - usb: omap_udc: fix crashes on probe error and module\n removal (bsc#1051510).\n\n - usb: omap_udc: fix omap_udc_start() on 15xx machines\n (bsc#1051510).\n\n - usb: omap_udc: fix USB gadget functionality on Palm\n Tungsten E (bsc#1051510).\n\n - usb: omap_udc: use devm_request_irq() (bsc#1051510).\n\n - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair\n device (bsc#1051510).\n\n - usb: serial: option: add Fibocom NL668 series\n (bsc#1051510).\n\n - usb: serial: option: add GosunCn ZTE WeLink ME3630\n (bsc#1051510).\n\n - usb: serial: option: add HP lt4132 (bsc#1051510).\n\n - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM\n mode) (bsc#1051510).\n\n - usb: serial: option: add Telit LN940 series\n (bsc#1051510).\n\n - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in\n vhci_hub_control() (bsc#1106110).\n\n - usb: usb-storage: Add new IDs to ums-realtek\n (bsc#1051510).\n\n - usb: xhci: fix uninitialized completion when USB3 port\n got wrong status (bsc#1051510).\n\n - usb: xhci: Prevent bus suspend if a port connect change\n or polling state is detected (bsc#1051510).\n\n - userfaultfd: clear the vma->vm_userfaultfd_ctx if\n UFFD_EVENT_FORK fails (bsc#1118761).\n\n - userfaultfd: remove uffd flags from vma->vm_flags if\n UFFD_EVENT_FORK fails (bsc#1118809).\n\n - v9fs_dir_readdir: fix double-free on p9stat_read error\n (bsc#1118771).\n\n - watchdog/core: Add missing prototypes for weak functions\n (git-fixes).\n\n - wireless: airo: potential buffer overflow in sprintf()\n (bsc#1051510).\n\n - wlcore: Fix the return value in case of error in\n 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).\n\n - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).\n\n - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR\n (bsc#1106913).\n\n - x86/bugs: Switch the selection of mitigation from CPU\n vendor to CPU features (bsc#1106913).\n\n - x86/decoder: Fix and update the opcodes map\n (bsc#1058115).\n\n - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).\n\n - x86/l1tf: Show actual SMT state (bsc#1106913).\n\n - x86/MCE/AMD: Fix the thresholding machinery\n initialization order (bsc#1114279).\n\n - x86/mm: Fix decoy address handling vs 32-bit builds\n (bsc#1120606).\n\n - x86/PCI: Add additional VMD device root ports to VMD AER\n quirk (bsc#1120058).\n\n - x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit\n windows (bsc#1120058).\n\n - x86/PCI: Apply VMD's AERSID fixup generically\n (bsc#1120058).\n\n - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect\n (bsc#1120058).\n\n - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models\n 00-1f, 30-3f, 60-7f) (bsc#1120058).\n\n - x86/PCI: Enable AMD 64-bit window on resume\n (bsc#1120058).\n\n - x86/PCI: Fix infinite loop in search for 64bit BAR\n placement (bsc#1120058).\n\n - x86/PCI: Move and shrink AMD 64-bit window to avoid\n conflict (bsc#1120058).\n\n - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).\n\n - x86/PCI: Only enable a 64bit BAR on single-socket AMD\n Family 15h (bsc#1120058).\n\n - x86/PCI: Use is_vmd() rather than relying on the domain\n number (bsc#1120058).\n\n - x86/process: Consolidate and simplify switch_to_xtra()\n code (bsc#1106913).\n\n - x86/pti: Document fix wrong index (git-fixes).\n\n - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler\n support (bsc#1106913).\n\n - x86/retpoline: Remove minimal retpoline support\n (bsc#1106913).\n\n - x86/speculataion: Mark command line parser data\n __initdata (bsc#1106913).\n\n - x86/speculation: Add command line control for indirect\n branch speculation (bsc#1106913).\n\n - x86/speculation: Add prctl() control for indirect branch\n speculation (bsc#1106913).\n\n - x86/speculation: Add seccomp Spectre v2 user space\n protection mode (bsc#1106913).\n\n - x86/speculation: Apply IBPB more strictly to avoid\n cross-process data leak (bsc#1106913).\n\n - x86/speculation: Avoid __switch_to_xtra() calls\n (bsc#1106913).\n\n - x86/speculation: Clean up spectre_v2_parse_cmdline()\n (bsc#1106913).\n\n - x86/speculation: Disable STIBP when enhanced IBRS is in\n use (bsc#1106913).\n\n - x86/speculation: Enable cross-hyperthread spectre v2\n STIBP mitigation (bsc#1106913).\n\n - x86/speculation: Enable prctl mode for spectre_v2_user\n (bsc#1106913).\n\n - x86/speculation/l1tf: Drop the swap storage limit\n restriction when l1tf=off (bnc#1114871).\n\n - x86/speculation: Mark string arrays const correctly\n (bsc#1106913).\n\n - x86/speculation: Move STIPB/IBPB string conditionals out\n of cpu_show_common() (bsc#1106913).\n\n - x86/speculation: Prepare arch_smt_update() for PRCTL\n mode (bsc#1106913).\n\n - x86/speculation: Prepare for conditional IBPB in\n switch_mm() (bsc#1106913).\n\n - x86/speculation: Prepare for per task indirect branch\n speculation control (bsc#1106913).\n\n - x86/speculation: Prevent stale SPEC_CTRL msr content\n (bsc#1106913).\n\n - x86/speculation: Propagate information about RSB filling\n mitigation to sysfs (bsc#1106913).\n\n - x86/speculation: Provide IBPB always command line\n options (bsc#1106913).\n\n - x86/speculation: Remove unnecessary ret variable in\n cpu_show_common() (bsc#1106913).\n\n - x86/speculation: Rename SSBD update functions\n (bsc#1106913).\n\n - x86/speculation: Reorder the spec_v2 code (bsc#1106913).\n\n - x86/speculation: Reorganize speculation control MSRs\n update (bsc#1106913).\n\n - x86/speculation: Rework SMT state change (bsc#1106913).\n\n - x86/speculation: Split out TIF update (bsc#1106913).\n\n - x86/speculation: Unify conditional spectre v2 print\n functions (bsc#1106913).\n\n - x86/speculation: Update the TIF_SSBD comment\n (bsc#1106913).\n\n - xen/netfront: tolerate frags with no data (bnc#1119804).\n\n - xen/x86: add diagnostic printout to xen_mc_flush() in\n case of error (bnc#1116183).\n\n - xfs: Align compat attrlist_by_handle with native\n implementation (git-fixes).\n\n - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat\n (git-fixes).\n\n - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).\n\n - xhci: Add quirk to workaround the errata seen on Cavium\n Thunder-X2 Soc (bsc#1117162).\n\n - xhci: Do not prevent USB2 bus suspend in state check\n intended for USB3 only (bsc#1051510).\n\n - xhci: Prevent U1/U2 link pm states if exit latency is\n too long (bsc#1051510).\n\n - xfs: fix quotacheck dquot id overflow infinite loop\n (bsc#1121621).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1097593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1116841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121715\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.45.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T15:46:08", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728)\n\nCVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).\n\nCVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker could have caused utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158).\n</pid></pid>\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bnc#1103097).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n\nCVE-2019-3459,CVE-2019-3460: Two remote information leak vulnerabilities in the Bluetooth stack were fixed that could potentially leak kernel information (bsc#1120758)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1120", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-5391", "CVE-2018-9568", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0541-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0541-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122609);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2018-1120\",\n \"CVE-2018-5391\",\n \"CVE-2018-9568\",\n \"CVE-2018-16862\",\n \"CVE-2018-16884\",\n \"CVE-2018-19407\",\n \"CVE-2018-19824\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c\nmishandled reference counting because of a race condition, leading to\na use-after-free. (bnc#1124728)\n\nCVE-2019-7221: Fixed a user-after-free vulnerability in the KVM\nhypervisor related to the emulation of a preemption timer, allowing an\nguest user/process to crash the host kernel. (bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor\nrelated to handling page fault exceptions, which allowed a guest\nuser/process to use this flaw to leak the host's stack memory contents\nto a guest (bsc#1124735).\n\nCVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory\ncontaining command line arguments (or environment strings), an\nattacker could have caused utilities from psutils or procps (such as\nps, w) or any other program which made a read() call to the\n/proc/<pid>/cmdline (or /proc/<pid>/environ) files to block\nindefinitely (denial of service) or for some controlled time (as a\nsynchronization primitive for other attacks) (bnc#1093158).\n</pid></pid>\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache\nsubsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages\nfrom cleancache and the old file data instead of the new one\n(bnc#1117186).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces\nat the same time can make bc_svc_process() use wrong back-channel IDs\nand cause a use-after-free vulnerability. Thus a malicious container\nuser can cause a host kernel memory corruption and a system panic. Due\nto the nature of the flaw, privilege escalation cannot be fully ruled\nout (bnc#1119946).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c\nallowed local users to cause a denial of service (NULL pointer\ndereference and BUG) via crafted system calls that reach a situation\nwhere ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the\nALSA driver by supplying a malicious USB Sound device (with zero\ninterfaces) that is mishandled in usb_audio_probe in sound/usb/card.c\n(bnc#1118152).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device\n(as an u8) and used it without a length check to index an array,\nresulting in an OOB memory read in hso_probe or hso_get_config_data\nthat could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-5391: The Linux kernel was vulnerable to a denial of service\nattack with low rates of specially modified packets targeting IP\nfragment re-assembly. An attacker may cause a denial of service\ncondition by sending specially crafted IP fragments. Various\nvulnerabilities in IP fragmentation have been discovered and fixed\nover the years. The current vulnerability (CVE-2018-5391) became\nexploitable in the Linux kernel with the increase of the IP fragment\nreassembly queue size (bnc#1103097).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory\ncorruption due to type confusion. This could lead to local escalation\nof privilege with no additional execution privileges needed. User\ninteraction is not needed for exploitation. (bnc#1118319).\n\nCVE-2019-3459,CVE-2019-3460: Two remote information leak\nvulnerabilities in the Bluetooth stack were fixed that could\npotentially leak kernel information (bsc#1120758)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094823\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114475\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119970\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=985031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1120/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16862/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19407/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19824/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19985/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20169/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5391/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7222/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190541-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3754f527\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-541=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-541=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-541=1\n\nSUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP3-2019-541=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2019-541=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-541=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.175-94.79.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.175-94.79.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T15:48:28", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4612 advisory.\n\n - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field.\n The privileged user root with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.\n (CVE-2019-3701)\n\n - In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. (CVE-2019-7221)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)\n\n - A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.\n (CVE-2019-8980)\n\n - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. (CVE-2019-9213)\n\n - In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. (CVE-2019-8912)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-15T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4612)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-3701", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213"], "modified": "2022-05-20T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-4612.NASL", "href": "https://www.tenable.com/plugins/nessus/124048", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4612.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124048);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2019-3701\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\",\n \"CVE-2019-8912\",\n \"CVE-2019-8980\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4612)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-4612 advisory.\n\n - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN\n frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field.\n The privileged user root with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data\n length code a higher value than the available CAN frame data size. In combination with a configured\n checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel)\n the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a\n system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data\n registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.\n (CVE-2019-3701)\n\n - In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference\n counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. (CVE-2019-7221)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)\n\n - A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows\n attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.\n (CVE-2019-8980)\n\n - In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum\n address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP\n platforms. This is related to a capability check for the wrong task. (CVE-2019-9213)\n\n - In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for\n a certain structure member, which leads to a use-after-free in sockfs_setattr. (CVE-2019-8912)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4612.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8912\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1844.4.5.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4612');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1844.4.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1844.4.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1844.4.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1844.4.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1844.4.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1844.4.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1844.4.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:14:51", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n\nCVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n\nCVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\nCVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs.\nNOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-30T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0196-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2547", "CVE-2018-12232", "CVE-2018-14625", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-18397", "CVE-2018-19407", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9568"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0196-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121466", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0196-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121466);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2013-2547\",\n \"CVE-2018-9568\",\n \"CVE-2018-12232\",\n \"CVE-2018-14625\",\n \"CVE-2018-16862\",\n \"CVE-2018-16884\",\n \"CVE-2018-18397\",\n \"CVE-2018-19407\",\n \"CVE-2018-19854\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\"\n );\n script_bugtraq_id(58382);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0196-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory\ncorruption due to type confusion. This could lead to local escalation\nof privilege with no additional execution privileges needed. User\ninteraction is not needed for exploitation. (bnc#1118319).\n\nCVE-2018-12232: In net/socket.c in the there is a race condition\nbetween fchownat and close in cases where they target the same socket\nfile descriptor, related to the sock_close and sockfs_setattr\nfunctions. fchownat did not increment the file descriptor reference\ncount, which allowed close to set the socket to NULL during fchownat's\nexecution, leading to a NULL pointer dereference and system crash\n(bnc#1097593).\n\nCVE-2018-14625: A flaw was found where an attacker may be able to have\nan uncontrolled read to kernel-memory from within a vm guest. A race\ncondition between connect() and close() function may allow an attacker\nusing the AF_VSOCK protocol to gather a 4 byte information leak or\npossibly intercept or corrupt AF_VSOCK messages destined to other\nclients (bnc#1106615).\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache\nsubsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages\nfrom cleancache and the old file data instead of the new one\n(bnc#1117186).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces\nat the same time can make bc_svc_process() use wrong back-channel IDs\nand cause a use-after-free vulnerability. Thus a malicious container\nuser can cause a host kernel memory corruption and a system panic. Due\nto the nature of the flaw, privilege escalation cannot be fully ruled\nout (bnc#1119946).\n\nCVE-2018-18397: The userfaultfd implementation mishandled access\ncontrol for certain UFFDIO_ ioctl calls, as demonstrated by allowing\nlocal users to write data into holes in a tmpfs file (if the user has\nread-only access to that file, and that file contains holes), related\nto fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c\nallowed local users to cause a denial of service (NULL pointer\ndereference and BUG) via crafted system calls that reach a situation\nwhere ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19854: An issue was discovered in the crypto_report_one() and\nrelated functions in crypto/crypto_user.c (the crypto user\nconfiguration API) do not fully initialize structures that are copied\nto userspace, potentially leaking sensitive memory to user programs.\nNOTE: this is a CVE-2013-2547 regression but with easier\nexploitability because the attacker did not need a capability\n(however, the system must have the CONFIG_CRYPTO_USER kconfig option)\n(bnc#1118428).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device\n(as an u8) and used it without a length check to index an array,\nresulting in an OOB memory read in hso_probe or hso_get_config_data\nthat could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14625/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16862/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18397/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19407/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19854/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19985/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20169/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9568/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190196-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b7b6ad1b\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-196=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-196=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-196=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-196=1\n\nSUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch\nSUSE-SLE-HA-12-SP4-2019-196=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-196=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.12.14-95.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-4.12.14-95.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:21:32", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in can_can_gw_rcv() in the net/can/gw.c in the Linux kernel. The CAN driver may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames because of a missing check.\n A local user with CAP_NET_ADMIN capability granted in the initial namespace can exploit this vulnerability to cause a system crash and thus a denial of service (DoS).i1/4^CVE-2019-3701i1/4%0\n\n - A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service.i1/4^CVE-2018-19985i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 4.6, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-04-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1234)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19985", "CVE-2019-3701"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.4"], "id": "EULEROS_SA-2019-1234.NASL", "href": "https://www.tenable.com/plugins/nessus/123702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123702);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19985\",\n \"CVE-2019-3701\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1234)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in can_can_gw_rcv() in the\n net/can/gw.c in the Linux kernel. The CAN driver may\n write arbitrary content beyond the data registers in\n the CAN controller's I/O memory when processing can-gw\n manipulated outgoing frames because of a missing check.\n A local user with CAP_NET_ADMIN capability granted in\n the initial namespace can exploit this vulnerability to\n cause a system crash and thus a denial of service\n (DoS).i1/4^CVE-2019-3701i1/4%0\n\n - A flaw was found in the Linux kernel in the function\n hso_probe() which reads if_num value from the USB\n device (as an u8) and uses it without a length check to\n index an array, resulting in an OOB memory read in\n hso_probe() or hso_get_config_data(). An attacker with\n a forged USB device and physical access to a system\n (needed to connect such a device) can cause a system\n crash and a denial of service.i1/4^CVE-2018-19985i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1234\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?482cb2f8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-19985\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.1_58\",\n \"kernel-devel-3.10.0-862.14.1.1_58\",\n \"kernel-headers-3.10.0-862.14.1.1_58\",\n \"kernel-tools-3.10.0-862.14.1.1_58\",\n \"kernel-tools-libs-3.10.0-862.14.1.1_58\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.1_58\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-16T16:14:34", "description": "The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).\n\nCVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\nCVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n\nCVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions.\nfchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n\nCVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n\nCVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs.\nNOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1074578)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-04T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2547", "CVE-2017-5753", "CVE-2018-12232", "CVE-2018-14625", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-18397", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9568"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0222-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0222-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121569);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2013-2547\",\n \"CVE-2017-5753\",\n \"CVE-2018-9568\",\n \"CVE-2018-12232\",\n \"CVE-2018-14625\",\n \"CVE-2018-16862\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-18397\",\n \"CVE-2018-19407\",\n \"CVE-2018-19824\",\n \"CVE-2018-19854\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\"\n );\n script_bugtraq_id(58382);\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c\nallowed local users to cause a denial of service (NULL pointer\ndereference and BUG) via crafted system calls that reach a situation\nwhere ioapic was uninitialized (bnc#1116841).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces\nat the same time can make bc_svc_process() use wrong back-channel IDs\nand cause a use-after-free vulnerability. Thus a malicious container\nuser can cause a host kernel memory corruption and a system panic. Due\nto the nature of the flaw, privilege escalation cannot be fully ruled\nout (bnc#1119946).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory\ncorruption due to type confusion. This could lead to local escalation\nof privilege with no additional execution privileges needed. User\ninteraction is not needed for exploitation (bnc#1118319).\n\nCVE-2018-16862: A security flaw was found in the way that the\ncleancache subsystem clears an inode after the final file truncation\n(removal). The new file created with the same inode may contain\nleftover pages from cleancache and the old file data instead of the\nnew one (bnc#1117186).\n\nCVE-2018-14625: A flaw was found where an attacker may be able to have\nan uncontrolled read to kernel-memory from within a vm guest. A race\ncondition between connect() and close() function may allow an attacker\nusing the AF_VSOCK protocol to gather a 4 byte information leak or\npossibly intercept or corrupt AF_VSOCK messages destined to other\nclients (bnc#1106615).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device\n(as an u8) and used it without a length check to index an array,\nresulting in an OOB memory read in hso_probe or hso_get_config_data\nthat could be used by local attackers (bnc#1120743).\n\nCVE-2018-12232: In net/socket.c there is a race condition between\nfchownat and close in cases where they target the same socket file\ndescriptor, related to the sock_close and sockfs_setattr functions.\nfchownat did not increment the file descriptor reference count, which\nallowed close to set the socket to NULL during fchownat's execution,\nleading to a NULL pointer dereference and system crash (bnc#1097593).\n\nCVE-2018-18397: The userfaultfd implementation mishandled access\ncontrol for certain UFFDIO_ ioctl calls, as demonstrated by allowing\nlocal users to write data into holes in a tmpfs file (if the user has\nread-only access to that file, and that file contains holes), related\nto fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n\nCVE-2018-19854: An issue was discovered in the crypto_report_one() and\nrelated functions in crypto/crypto_user.c (the crypto user\nconfiguration API) do not fully initialize structures that are copied\nto userspace, potentially leaking sensitive memory to user programs.\nNOTE: this is a CVE-2013-2547 regression but with easier\nexploitability because the attacker did not need a capability\n(however, the system must have the CONFIG_CRYPTO_USER kconfig option)\n(bnc#1118428).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the\nALSA driver by supplying a malicious USB Sound device (with zero\ninterfaces) that is mishandled in usb_audio_probe in sound/usb/card.c\n(bnc#1118152).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2017-5753: Systems with microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized disclosure of\ninformation to an attacker with local user access via a side-channel\nanalysis (bnc#1074578)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-5753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14625/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16862/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18281/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18397/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19407/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19824/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19854/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19985/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20169/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9568/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190222-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?20e50dca\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-222=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-6.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-6.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-6.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-6.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-6.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-6.6.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-6.6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T15:48:10", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)\n\n* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)\n\n* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)\n\n* Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)\n\n* The number of unsolict report about IGMP is incorrect [rhel-7.6.z] (BZ# 1688225)\n\n* RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)\n\n* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ# 1690323)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-01T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2019:0818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-0818.NASL", "href": "https://www.tenable.com/plugins/nessus/124416", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0818 and \n# CentOS Errata and Security Advisory 2019:0818 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124416);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n script_xref(name:\"RHSA\", value:\"2019:0818\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2019:0818)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z]\n(BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z]\n(BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific\nconditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running\ncontroller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices\n[rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin\nqueue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in 'backport upstream large stack\nguard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after\nifdown/ifup [rhel-7.6.z] (BZ#1679997)\n\n* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z]\n(BZ#1683078)\n\n* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing\nqrouter fail-over [rhel-7.6.z] (BZ#1683093)\n\n* Openshift node drops outgoing POD traffic due to NAT hashtable race\nin __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of\nigmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter\n[rhel-7.6.z] (BZ#1687487)\n\n* The number of unsolict report about IGMP is incorrect [rhel-7.6.z]\n(BZ# 1688225)\n\n* RDT driver causing failure to boot on AMD Rome system with more than\n255 CPUs [rhel-7.6.z] (BZ#1689120)\n\n* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#\n1690323)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-April/023278.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7a8db01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6974\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:48:11", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)\n\n* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)\n\n* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)\n\n* Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)\n\n* The number of unsolict report about IGMP is incorrect [rhel-7.6.z] (BZ# 1688225)\n\n* RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)\n\n* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ# 1690323)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-24T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:0818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-0818.NASL", "href": "https://www.tenable.com/plugins/nessus/124256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0818. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124256);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n script_xref(name:\"RHSA\", value:\"2019:0818\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:0818)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z]\n(BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z]\n(BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific\nconditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running\ncontroller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices\n[rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin\nqueue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in 'backport upstream large stack\nguard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after\nifdown/ifup [rhel-7.6.z] (BZ#1679997)\n\n* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z]\n(BZ#1683078)\n\n* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing\nqrouter fail-over [rhel-7.6.z] (BZ#1683093)\n\n* Openshift node drops outgoing POD traffic due to NAT hashtable race\nin __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of\nigmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter\n[rhel-7.6.z] (BZ#1687487)\n\n* The number of unsolict report about IGMP is incorrect [rhel-7.6.z]\n(BZ# 1688225)\n\n* RDT driver causing failure to boot on AMD Rome system with more than\n255 CPUs [rhel-7.6.z] (BZ#1689120)\n\n* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#\n1690323)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:0818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-6974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7221\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:0818\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:0818\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:47:27", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673)\n\n* kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-24T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2019:0833)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-0833.NASL", "href": "https://www.tenable.com/plugins/nessus/124259", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0833. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124259);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n script_xref(name:\"RHSA\", value:\"2019:0833\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:0833)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673)\n\n* kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:0833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-6974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7221\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:0833\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:0833\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:47:06", "description": "Security Fix(es) :\n\n - Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n - Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)\n\nBug Fix(es) :\n\n - rbd: avoid corruption on partially completed bios [rhel-7.6.z]\n\n - xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z]\n\n - Offload Connections always get vlan priority 0 [rhel-7.6.z]\n\n - [NOKIA] SL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z]\n\n - SL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z]\n\n - [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z]\n\n - [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z]\n\n - RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to SL6' patch [rhel-7.6.z]\n\n - [Hyper-V] [SL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z]\n\n - rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z]\n\n - ACPI WDAT watchdog update [rhel-7.6.z]\n\n - high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z]\n\n - Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z]\n\n - [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z]\n\n - [SL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z]\n\n - The number of unsolict report about IGMP is incorrect [rhel-7.6.z]\n\n - RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z]\n\n - mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z]\n\n - rwsem in inconsistent state leading system to hung [rhel-7.6.z]", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-25T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20190423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190423_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/124290", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124290);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Kernel: KVM: potential use-after-free via\n kvm_ioctl_create_device() (CVE-2019-6974)\n\n - Kernel: KVM: nVMX: use-after-free of the hrtimer for\n emulation of the preemption timer (CVE-2019-7221)\n\nBug Fix(es) :\n\n - rbd: avoid corruption on partially completed bios\n [rhel-7.6.z]\n\n - xfs_vm_writepages deadly embrace between kworker and\n user task. [rhel-7.6.z]\n\n - Offload Connections always get vlan priority 0\n [rhel-7.6.z]\n\n - [NOKIA] SL sends flood of Neighbour Solicitations under\n specific conditions [rhel-7.6.z]\n\n - SL 7.6 - Host crash occurred on NVMe/IB system while\n running controller reset [rhel-7.6.z]\n\n - [rhel7] raid0 md workqueue deadlock with stacked md\n devices [rhel-7.6.z]\n\n - [PureStorage7.6]nvme disconnect following an\n unsuccessful Admin queue creation causes kernel panic\n [rhel-7.6.z]\n\n - RFC: Regression with -fstack-check in 'backport upstream\n large stack guard patch to SL6' patch [rhel-7.6.z]\n\n - [Hyper-V] [SL 7.6]hv_netvsc: Fix a network regression\n after ifdown/ifup [rhel-7.6.z]\n\n - rtc_cmos: probe of 00:01 failed with error -16\n [rhel-7.6.z]\n\n - ACPI WDAT watchdog update [rhel-7.6.z]\n\n - high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel\n causing qrouter fail-over [rhel-7.6.z]\n\n - Openshift node drops outgoing POD traffic due to NAT\n hashtable race in __ip_conntrack_confirm() [rhel-7.6.z]\n\n - [Backport] [v3,2/2] net: igmp: Allow user-space\n configuration of igmp unsolicited report interval\n [rhel-7.6.z]\n\n - [SL7.6]: Intermittently seen FIFO parity error on\n T6225-SO adapter [rhel-7.6.z]\n\n - The number of unsolict report about IGMP is incorrect\n [rhel-7.6.z]\n\n - RDT driver causing failure to boot on AMD Rome system\n with more than 255 CPUs [rhel-7.6.z]\n\n - mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z]\n\n - rwsem in inconsistent state leading system to hung\n [rhel-7.6.z]\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1904&L=SCIENTIFIC-LINUX-ERRATA&P=6935\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7cab843a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:47:49", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0818 advisory.\n\n - In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. (CVE-2019-7221)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2019-0818)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-0818.NASL", "href": "https://www.tenable.com/plugins/nessus/124254", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-0818.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124254);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n script_xref(name:\"RHSA\", value:\"2019:0818\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-0818)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-0818 advisory.\n\n - In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference\n counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. (CVE-2019-7221)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-0818.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-957.12.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-0818');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-957.12.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.12.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T14:59:53", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system.\n\n - A use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.\n\n - It was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-045.NASL", "href": "https://www.tenable.com/plugins/nessus/133454", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133454);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2019-6974\",\n \"CVE-2019-7221\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-045)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the way KVM\n implements its device control API. When a device is\n created via kvm_ioctl_create_device(), it holds a\n reference to a VM object. This reference is transferred\n to file descriptor table of the caller. If such file\n descriptor was closed, reference count to the VM object\n could become zero, which could lead to a use-after-free\n issue. A user/process could use this flaw to crash the\n guest VM resulting in a denial of service or,\n potentially, gain privileged access to a system.\n\n - A use-after-free vulnerability was found in the way KVM\n emulates a preemption timer for L2 guests when nested\n virtualization is enabled. A guest user/process could\n use this flaw to crash the host kernel resulting in a\n denial of service or, potentially, gain privileged\n access to a system.\n\n - It was discovered that a certain sequence of operations\n related to IPv4 routing could trigger a kernel memory\n leak. An attacker could potentially exploit that from a\n container to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1524/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1526/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.1.1.vz7.37.30\",\n \"patch\",\"readykernel-patch-37.30-77.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.11.6.vz7.40.4\",\n \"patch\",\"readykernel-patch-40.4-77.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T14:59:53", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system.\n\n - A use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.\n\n - It was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-042)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-042.NASL", "href": "https://www.tenable.com/plugins/nessus/133453", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133453);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2019-6974\",\n \"CVE-2019-7221\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-042)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the way KVM\n implements its device control API. When a device is\n created via kvm_ioctl_create_device(), it holds a\n reference to a VM object. This reference is transferred\n to file descriptor table of the caller. If such file\n descriptor was closed, reference count to the VM object\n could become zero, which could lead to a use-after-free\n issue. A user/process could use this flaw to crash the\n guest VM resulting in a denial of service or,\n potentially, gain privileged access to a system.\n\n - A use-after-free vulnerability was found in the way KVM\n emulates a preemption timer for L2 guests when nested\n virtualization is enabled. A guest user/process could\n use this flaw to crash the host kernel resulting in a\n denial of service or, potentially, gain privileged\n access to a system.\n\n - It was discovered that a certain sequence of operations\n related to IPv4 routing could trigger a kernel memory\n leak. An attacker could potentially exploit that from a\n container to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1509/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1510/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1512/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.11.6.vz7.64.7\",\n \"patch\",\"readykernel-patch-64.7-80.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.24\",\n \"patch\",\"readykernel-patch-73.24-80.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.29\",\n \"patch\",\"readykernel-patch-73.29-80.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:00:27", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system.\n\n - A use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.\n\n - It was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6974", "CVE-2019-7221"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-046.NASL", "href": "https://www.tenable.com/plugins/nessus/133455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133455);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2019-6974\",\n \"CVE-2019-7221\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-046)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the way KVM\n implements its device control API. When a device is\n created via kvm_ioctl_create_device(), it holds a\n reference to a VM object. This reference is transferred\n to file descriptor table of the caller. If such file\n descriptor was closed, reference count to the VM object\n could become zero, which could lead to a use-after-free\n issue. A user/process could use this flaw to crash the\n guest VM resulting in a denial of service or,\n potentially, gain privileged access to a system.\n\n - A use-after-free vulnerability was found in the way KVM\n emulates a preemption timer for L2 guests when nested\n virtualization is enabled. A guest user/process could\n use this flaw to crash the host kernel resulting in a\n denial of service or, potentially, gain privileged\n access to a system.\n\n - It was discovered that a certain sequence of operations\n related to IPv4 routing could trigger a kernel memory\n leak. An attacker could potentially exploit that from a\n container to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1528/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1530/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1532/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1534/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.17.1.vz7.43.10\",\n \"patch\",\"readykernel-patch-43.10-80.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.46.7\",\n \"patch\",\"readykernel-patch-46.7-80.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-80.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.9.1.vz7.63.3\",\n \"patch\",\"readykernel-patch-63.3-80.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:18:47", "description": "The linux update issued as DLA-1731-1 caused a regression in the vmxnet3 (VMware virtual network adapter) driver. This update corrects that regression, and an earlier regression in the CIFS network filesystem implementation introduced in DLA-1422-1. For reference the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2016-10741\n\nA race condition was discovered in XFS that would result in a crash (BUG). A local user permitted to write to an XFS volume could use this for denial of service.\n\nCVE-2017-5753\n\nFurther instances of code that was vulnerable to Spectre variant 1 (bounds-check bypass) have been mitigated.\n\nCVE-2017-13305\n\nA memory over-read was discovered in the keys subsystem's encrypted key type. A local user could use this for denial of service or possibly to read sensitive information.\n\nCVE-2018-3639 (SSB)\n\nMultiple researchers have discovered that Speculative Store Bypass (SSB), a feature implemented in many processors, could be used to read sensitive information from another context. In particular, code in a software sandbox may be able to read sensitive information from outside the sandbox. This issue is also known as Spectre variant 4.\n\nThis update fixes bugs in the mitigations for SSB for AMD processors.\n\nCVE-2018-5848\n\nThe wil6210 wifi driver did not properly validate lengths in scan and connection requests, leading to a possible buffer overflow. On systems using this driver, a local user with the CAP_NET_ADMIN capability could use this for denial of service (memory corruption or crash) or potentially for privilege escalation.\n\nCVE-2018-5953\n\nThe swiotlb subsystem printed kernel memory addresses to the system log, which could help a local attacker to exploit other vulnerabilities.\n\nCVE-2018-12896, CVE-2018-13053\n\nTeam OWL337 reported possible integer overflows in the POSIX timer implementation. These might have some security impact.\n\nCVE-2018-16862\n\nVasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team discovered that the cleancache memory management feature did not invalidate cached data for deleted files. On Xen guests using the tmem driver, local users could potentially read data from other users' deleted files if they were able to create new files on the same volume.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting NFS shares in multiple network namespaces at the same time could lead to a user-after-free. Local users might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nThis can be mitigated by disabling unprivileged users from creating user namespaces, which is the default in Debian.\n\nCVE-2018-17972\n\nJann Horn reported that the /proc/*/stack files in procfs leaked sensitive data from the kernel. These files are now only readable by users with the CAP_SYS_ADMIN capability (usually only root)\n\nCVE-2018-18281\n\nJann Horn reported a race condition in the virtual memory manager that can result in a process briefly having access to memory after it is freed and reallocated. A local user permitted to create containers could possibly exploit this for denial of service (memory corruption) or for privilege escalation.\n\nCVE-2018-18690\n\nKanda Motohiro reported that XFS did not correctly handle some xattr (extended attribute) writes that require changing the disk format of the xattr. A user with access to an XFS volume could use this for denial of service.\n\nCVE-2018-18710\n\nIt was discovered that the cdrom driver does not correctly validate the parameter to the CDROM_SELECT_DISC ioctl. A user with access to a cdrom device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\nCVE-2018-19824\n\nHui Peng and Mathias Payer discovered a use-after-free bug in the USB audio driver. A physically present attacker able to attach a specially designed USB device could use this for privilege escalation.\n\nCVE-2018-19985\n\nHui Peng and Mathias Payer discovered a missing bounds check in the hso USB serial driver. A physically present user able to attach a specially designed USB device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\nCVE-2018-20169\n\nHui Peng and Mathias Payer discovered missing bounds checks in the USB core. A physically present attacker able to attach a specially designed USB device could use this to cause a denial of service (crash) or possibly for privilege escalation.\n\nCVE-2018-20511\n\nInfoSect reported an information leak in the AppleTalk IP/DDP implemntation. A local user with CAP_NET_ADMIN capability could use this to read sensitive information from the kernel.\n\nCVE-2019-3701\n\nMuyu Yu and Marcus Meissner reported that the CAN gateway implementation allowed the frame length to be modified, typically resulting in out-of-bounds memory-mapped I/O writes. On a system with CAN devices present, a local user with CAP_NET_ADMIN capability in the initial net namespace could use this to cause a crash (oops) or other hardware-dependent impact.\n\nCVE-2019-3819\n\nA potential infinite loop was discovered in the HID debugfs interface exposed under /sys/kernel/debug/hid. A user with access to these files could use this for denial of service.\n\nThis interface is only accessible to root by default, which fully mitigates the issue.\n\nCVE-2019-6974\n\nJann Horn reported a use-after-free bug in KVM. A local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-7221\n\nJim Mattson and Felix Wilhelm reported a user-after-free bug in KVM's nested VMX implementation. On systems with Intel CPUs, a local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nNested VMX is disabled by default, which fully mitigates the issue.\n\nCVE-2019-7222\n\nFelix Wilhelm reported an information leak in KVM for x86. A local user with access to /dev/kvm could use this to read sensitive information from the kernel.\n\nCVE-2019-9213\n\nJann Horn reported that privileged tasks could cause stack segments, including those in other processes, to grow downward to address 0. On systems lacking SMAP (x86) or PAN (ARM), this exacerbated other vulnerabilities: a NULL pointer dereference could be exploited for privilege escalation rather than only for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.64-1.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-28T00:00:00", "type": "nessus", "title": "Debian DLA-1731-2 : linux regression update (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10741", "CVE-2017-13305", "CVE-2017-5753", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-3639", "CVE-2018-5848", "CVE-2018-5953", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-9213"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86", "p-cpe:/a:debian:debian_linux:linux-doc-3.16", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x", "p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x", "p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-3.16", "p-cpe:/a:debian:debian_linux:linux-source-3.16", "p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9", "p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1731.NASL", "href": "https://www.tenable.com/plugins/nessus/123420", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1731-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123420);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10741\", \"CVE-2017-13305\", \"CVE-2017-5753\", \"CVE-2018-12896\", \"CVE-2018-13053\", \"CVE-2018-16862\", \"CVE-2018-16884\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-20511\", \"CVE-2018-3639\", \"CVE-2018-5848\", \"CVE-2018-5953\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\", \"CVE-2019-9213\");\n\n script_name(english:\"Debian DLA-1731-2 : linux regression update (Spectre)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The linux update issued as DLA-1731-1 caused a regression in the\nvmxnet3 (VMware virtual network adapter) driver. This update corrects\nthat regression, and an earlier regression in the CIFS network\nfilesystem implementation introduced in DLA-1422-1. For reference the\noriginal advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2016-10741\n\nA race condition was discovered in XFS that would result in a crash\n(BUG). A local user permitted to write to an XFS volume could use this\nfor denial of service.\n\nCVE-2017-5753\n\nFurther instances of code that was vulnerable to Spectre variant 1\n(bounds-check bypass) have been mitigated.\n\nCVE-2017-13305\n\nA memory over-read was discovered in the keys subsystem's encrypted\nkey type. A local user could use this for denial of service or\npossibly to read sensitive information.\n\nCVE-2018-3639 (SSB)\n\nMultiple researchers have discovered that Speculative Store Bypass\n(SSB), a feature implemented in many processors, could be used to read\nsensitive information from another context. In particular, code in a\nsoftware sandbox may be able to read sensitive information from\noutside the sandbox. This issue is also known as Spectre variant 4.\n\nThis update fixes bugs in the mitigations for SSB for AMD\nprocessors.\n\nCVE-2018-5848\n\nThe wil6210 wifi driver did not properly validate lengths in scan and\nconnection requests, leading to a possible buffer overflow. On systems\nusing this driver, a local user with the CAP_NET_ADMIN capability\ncould use this for denial of service (memory corruption or crash) or\npotentially for privilege escalation.\n\nCVE-2018-5953\n\nThe swiotlb subsystem printed kernel memory addresses to the system\nlog, which could help a local attacker to exploit other\nvulnerabilities.\n\nCVE-2018-12896, CVE-2018-13053\n\nTeam OWL337 reported possible integer overflows in the POSIX timer\nimplementation. These might have some security impact.\n\nCVE-2018-16862\n\nVasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team\ndiscovered that the cleancache memory management feature did not\ninvalidate cached data for deleted files. On Xen guests using the tmem\ndriver, local users could potentially read data from other users'\ndeleted files if they were able to create new files on the same\nvolume.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting NFS\nshares in multiple network namespaces at the same time could lead to a\nuser-after-free. Local users might be able to use this for denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation.\n\nThis can be mitigated by disabling unprivileged users from\ncreating user namespaces, which is the default in Debian.\n\nCVE-2018-17972\n\nJann Horn reported that the /proc/*/stack files in procfs leaked\nsensitive data from the kernel. These files are now only readable by\nusers with the CAP_SYS_ADMIN capability (usually only root)\n\nCVE-2018-18281\n\nJann Horn reported a race condition in the virtual memory manager that\ncan result in a process briefly having access to memory after it is\nfreed and reallocated. A local user permitted to create containers\ncould possibly exploit this for denial of service (memory corruption)\nor for privilege escalation.\n\nCVE-2018-18690\n\nKanda Motohiro reported that XFS did not correctly handle some xattr\n(extended attribute) writes that require changing the disk format of\nthe xattr. A user with access to an XFS volume could use this for\ndenial of service.\n\nCVE-2018-18710\n\nIt was discovered that the cdrom driver does not correctly validate\nthe parameter to the CDROM_SELECT_DISC ioctl. A user with access to a\ncdrom device could use this to read sensitive information from the\nkernel or to cause a denial of service (crash).\n\nCVE-2018-19824\n\nHui Peng and Mathias Payer discovered a use-after-free bug in the USB\naudio driver. A physically present attacker able to attach a specially\ndesigned USB device could use this for privilege escalation.\n\nCVE-2018-19985\n\nHui Peng and Mathias Payer discovered a missing bounds check in the\nhso USB serial driver. A physically present user able to attach a\nspecially designed USB device could use this to read sensitive\ninformation from the kernel or to cause a denial of service (crash).\n\nCVE-2018-20169\n\nHui Peng and Mathias Payer discovered missing bounds checks in the USB\ncore. A physically present attacker able to attach a specially\ndesigned USB device could use this to cause a denial of service\n(crash) or possibly for privilege escalation.\n\nCVE-2018-20511\n\nInfoSect reported an information leak in the AppleTalk IP/DDP\nimplemntation. A local user with CAP_NET_ADMIN capability could use\nthis to read sensitive information from the kernel.\n\nCVE-2019-3701\n\nMuyu Yu and Marcus Meissner reported that the CAN gateway\nimplementation allowed the frame length to be modified, typically\nresulting in out-of-bounds memory-mapped I/O writes. On a system with\nCAN devices present, a local user with CAP_NET_ADMIN capability in the\ninitial net namespace could use this to cause a crash (oops) or other\nhardware-dependent impact.\n\nCVE-2019-3819\n\nA potential infinite loop was discovered in the HID debugfs interface\nexposed under /sys/kernel/debug/hid. A user with access to these files\ncould use this for denial of service.\n\nThis interface is only accessible to root by default, which\nfully mitigates the issue.\n\nCVE-2019-6974\n\nJann Horn reported a use-after-free bug in KVM. A local user with\naccess to /dev/kvm could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-7221\n\nJim Mattson and Felix Wilhelm reported a user-after-free bug in KVM's\nnested VMX implementation. On systems with Intel CPUs, a local user\nwith access to /dev/kvm could use this to cause a denial of service\n(memory corruption or crash) or possibly for privilege escalation.\n\nNested VMX is disabled by default, which fully mitigates the\nissue.\n\nCVE-2019-7222\n\nFelix Wilhelm reported an information leak in KVM for x86. A local\nuser with access to /dev/kvm could use this to read sensitive\ninformation from the kernel.\n\nCVE-2019-9213\n\nJann Horn reported that privileged tasks could cause stack segments,\nincluding those in other processes, to grow downward to address 0. On\nsystems lacking SMAP (x86) or PAN (ARM), this exacerbated other\nvulnerabilities: a NULL pointer dereference could be exploited for\nprivilege escalation rather than only for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.64-1.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-3.16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.64-2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.64-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:18:02", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThis update brings following features :\n\nSupport for Enhanced-IBRS on new Intel CPUs (fate#326564)\n\nThe following security bugs were fixed: CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n\nCVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions.\nfchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n\nCVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n\nCVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nCVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs.\nNOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-04T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2547", "CVE-2018-10940", "CVE-2018-12232", "CVE-2018-14625", "CVE-2018-16658", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-18397", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9568"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0224-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0224-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121571);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2013-2547\",\n \"CVE-2018-9568\",\n \"CVE-2018-10940\",\n \"CVE-2018-12232\",\n \"CVE-2018-14625\",\n \"CVE-2018-16658\",\n \"CVE-2018-16862\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-18397\",\n \"CVE-2018-18710\",\n \"CVE-2018-19407\",\n \"CVE-2018-19824\",\n \"CVE-2018-19854\",\n \"CVE-2018-19985\",\n \"CVE-2018-20169\"\n );\n script_bugtraq_id(58382);\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThis update brings following features :\n\nSupport for Enhanced-IBRS on new Intel CPUs (fate#326564)\n\nThe following security bugs were fixed: CVE-2018-9568: In\nsk_clone_lock of sock.c, there is a possible memory corruption due to\ntype confusion. This could lead to local escalation of privilege with\nno additional execution privileges needed. User interaction is not\nneeded for exploitation. (bnc#1118319).\n\nCVE-2018-12232: In net/socket.c there is a race condition between\nfchownat and close in cases where they target the same socket file\ndescriptor, related to the sock_close and sockfs_setattr functions.\nfchownat did not increment the file descriptor reference count, which\nallowed close to set the socket to NULL during fchownat's execution,\nleading to a NULL pointer dereference and system crash (bnc#1097593).\n\nCVE-2018-14625: A flaw was found where an attacker may be able to have\nan uncontrolled read to kernel-memory from within a vm guest. A race\ncondition between connect() and close() function may allow an attacker\nusing the AF_VSOCK protocol to gather a 4 byte information leak or\npossibly intercept or corrupt AF_VSOCK messages destined to other\nclients (bnc#1106615).\n\nCVE-2018-16862: A security flaw was found in the way that the\ncleancache subsystem clears an inode after the final file truncation\n(removal). The new file created with the same inode may contain\nleftover pages from cleancache and the old file data instead of the\nnew one (bnc#1117186).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces\nat the same time can make bc_svc_process() use wrong back-channel IDs\nand cause a use-after-free vulnerability. Thus a malicious container\nuser can cause a host kernel memory corruption and a system panic. Due\nto the nature of the flaw, privilege escalation cannot be fully ruled\nout (bnc#1119946).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2018-18397: The userfaultfd implementation mishandled access\ncontrol for certain UFFDIO_ ioctl calls, as demonstrated by allowing\nlocal users to write data into holes in a tmpfs file (if the user has\nread-only access to that file, and that file contains holes), related\nto fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel\nmemory because a cast from unsigned long to int interferes with bounds\nchecking. This is similar to CVE-2018-10940 and CVE-2018-16658\n(bnc#1113751).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c\nallowed local users to cause a denial of service (NULL pointer\ndereference and BUG) via crafted system calls that reach a situation\nwhere ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the\nALSA driver by supplying a malicious USB Sound device (with zero\ninterfaces) that is mishandled in usb_audio_probe in sound/usb/card.c\n(bnc#1118152).\n\nCVE-2018-19854: An issue was discovered in the crypto_report_one() and\nrelated functions in crypto/crypto_user.c (the crypto user\nconfiguration API) do not fully initialize structures that are copied\nto userspace, potentially leaking sensitive memory to user programs.\nNOTE: this is a CVE-2013-2547 regression but with easier\nexploitability because the attacker did not need a capability\n(however, the system must have the CONFIG_CRYPTO_USER kconfig option)\n(bnc#1118428).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device\n(as an u8) and used it without a length check to index an array,\nresulting in an OOB memory read in hso_probe or hso_get_config_data\nthat could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103257\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104967\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111921\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117172\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118771\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119968\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120594\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121483\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-12232/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14625/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16862/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18281/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18397/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18710/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19407/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19824/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19854/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19985/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20169/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9568/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190224-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?967f2743\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2019-224=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-224=1\n\nSUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch\nSUSE-SLE-Module-Live-Patching-15-2019-224=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-224=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2019-224=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-224=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2019-224=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-25.28.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-25.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T15:43:33", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-3459,CVE-2019-3460: Two information leaks in the bluetooth stack were fixed. (bnc#1120758).\n\n - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed. (bnc#1124732).\n\n - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests.\n (bnc#1124735).\n\n - CVE-2019-6974: A use-after-free in the KVM device control API was fixed. (bnc#1124728).\n\n - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510).\n\n - 9p: clear dangling pointers in p9stat_free (bsc#1051510).\n\n - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510).\n\n - 9p/net: put a lower bound on msize (bsc#1051510).\n\n - acpi/nfit: Block function zero DSMs (bsc#1051510).\n\n - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969).\n\n - acpi/nfit: Fix command-supported detection (bsc#1051510).\n\n - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662).\n\n - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than 'ARS-short' (bsc#1124969).\n\n - ACPI: power: Skip duplicate power resource references in\n _PRx (bsc#1051510).\n\n - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092).\n\n - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bsc#1051510).\n\n - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510).\n\n - alsa: compress: Fix stop handling on compressed capture streams (bsc#1051510).\n\n - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510).\n\n - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510).\n\n - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).\n\n - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510).\n\n - alsa: hda/realtek - Use a common helper for hp pin reference (bsc#1051510).\n\n - alsa: hda - Serialize codec registrations (bsc#1122944).\n\n - alsa: hda - Use standard device registration for beep (bsc#1122944).\n\n - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510).\n\n - alsa: usb-audio: Add Opus #3 to quirks for native DSD support (bsc#1051510).\n\n - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510).\n\n - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs (bsc#1122927).\n\n - arm: 8802/1: Call syscall_trace_exit even when system call skipped (bsc#1051510).\n\n - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bsc#1051510).\n\n - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart (bsc#1051510).\n\n - arm/arm64: kvm:vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs (bsc#1051510).\n\n - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bsc#1051510).\n\n - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510).\n\n - arm: imx: update the cpu power up timing setting on i.mx6sx (bsc#1051510).\n\n - arm: kvm:Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510).\n\n - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510).\n\n - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bsc#1051510).\n\n - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bsc#1051510).\n\n - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).\n\n - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510).\n\n - ax25: fix a use-after-free in ax25_fillin_cb() (networking-stable-19_01_04).\n\n - be2net: do not flip hw_features when VXLANs are added/deleted (bsc#1050252).\n\n - blkdev: avoid migration stalls for blkdev pages (bsc#1084216).\n\n - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510).\n\n - block: break discard submissions into the user defined size (git-fixes).\n\n - block: cleanup __blkdev_issue_discard() (git-fixes).\n\n - block: do not deal with discard limit in blkdev_issue_discard() (git-fixes).\n\n - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes).\n\n - block: fix infinite loop if the device loses discard capability (git-fixes).\n\n - block: make sure discard bio is aligned with logical block size (git-fixes).\n\n - block: make sure writesame bio is aligned with logical block size (git-fixes).\n\n - block/swim3: Fix -EBUSY error when re-opening device after unmount (git-fixes).\n\n - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bsc#1086323).\n\n - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323).\n\n - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw (bsc#1086323).\n\n - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323).\n\n - bnx2x: Send update-svid ramrod with retry/poll flags enabled (bsc#1086323).\n\n - bonding: update nest level on unlink (git-fixes).\n\n - bsg: allocate sense buffer if requested (bsc#1106811).\n\n - btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled (bsc#1122324).\n\n - can: bcm: check timer values before ktime conversion (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bsc#1051510).\n\n - can: gw: ensure DLC boundaries after CAN frame modification (bsc#1051510).\n\n - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510).\n\n - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510).\n\n - checkstack.pl: fix for aarch64 (bsc#1051510).\n\n - cifs: add missing debug entries for kconfig options (bsc#1051510).\n\n - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510).\n\n - cifs: add sha512 secmech (bsc#1051510).\n\n - cifs: Add support for reading attributes on SMB2+ (bsc#1051510).\n\n - cifs: Add support for writing attributes on SMB2+ (bsc#1051510).\n\n - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510).\n\n - cifs: Do not modify mid entry after submitting I/O in cifs_call_async (bsc#1051510).\n\n - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bsc#1051510).\n\n - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).\n\n - cifs: fix return value for cifs_listxattr (bsc#1051510).\n\n - cifs: Fix separator when building path from dentry (bsc#1051510).\n\n - cifs: fix set info (bsc#1051510).\n\n - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510).\n\n - cifs: fix wrapping bugs in num_entries() (bsc#1051510).\n\n - cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class (bsc#1051510).\n\n - cifs: hide unused functions (bsc#1051510).\n\n - cifs: hide unused functions (bsc#1051510).\n\n - cifs: implement v3.11 preauth integrity (bsc#1051510).\n\n - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510).\n\n - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510).\n\n - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options (bsc#1051510).\n\n - cifs: prototype declaration and definition to set acl for smb 2 - 3 and cifsacl mount options (bsc#1051510).\n\n - cifs: refactor crypto shash/sdesc allocation&free (bsc#1051510).\n\n - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions (bsc#1051510).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options setacl function (bsc#1051510).\n\n - cifs: Use ULL suffix for 64-bit constant (bsc#1051510).\n\n - clk: imx6q: reset exclusive gates on init (bsc#1051510).\n\n - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510).\n\n - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock (bsc#1051510).\n\n - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).\n\n - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510).\n\n - Cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510).\n\n - crypto: authencesn - Avoid twice completion call in decrypt path (bsc#1051510).\n\n - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510).\n\n - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510).\n\n - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510).\n\n - crypto: user - support incremental algorithm dumps (bsc#1120902).\n\n - dlm: fixed memory leaks after failed ls_remove_names allocation (bsc#1051510).\n\n - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bsc#1051510).\n\n - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510).\n\n - dlm: possible memory leak on error path in create_lkb() (bsc#1051510).\n\n - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510).\n\n - dmaengine: at_hdmac: fix module unloading (bsc#1051510).\n\n - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510).\n\n - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510).\n\n - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll (bsc#1051510).\n\n - dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() (git-fixes).\n\n - dm: call blk_queue_split() to impose device limits on bios (git-fixes).\n\n - dm: do not allow readahead to limit IO size (git-fixes).\n\n - dm thin: send event about thin-pool state change _after_ making it (git-fixes).\n\n - dm zoned: Fix target BIO completion handling (git-fixes).\n\n - Do not log expected error on DFS referral request (bsc#1051510).\n\n - driver core: Move async_synchronize_full call (bsc#1051510).\n\n - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510).\n\n - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510).\n\n - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - drivers/sbus/char: add of_node_put() (bsc#1051510).\n\n - drivers/tty: add missing of_node_put() (bsc#1051510).\n\n - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)\n\n - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 (bsc#1113722)\n\n - drm/i915/gvt: Fix mmap range check (bsc#1120902)\n\n - drm/nouveau/tmr: detect stalled gpu timer and break out of waits (bsc#1123538).\n\n - drm/vmwgfx: Fix setting of dma masks (bsc#1120902)\n\n - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1120902)\n\n - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510).\n\n - exportfs: do not read dentry after free (bsc#1051510).\n\n - ext4: Fix crash during online resizing (bsc#1122779).\n\n - fanotify: fix handling of events on child sub-directory (bsc#1122019).\n\n - fat: validate ->i_start before using (bsc#1051510).\n\n - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510).\n\n - fork: do not copy inconsistent signal handler state to child (bsc#1051510).\n\n - fork: record start_time late (git-fixes).\n\n - fork: unconditionally clear stack on fork (git-fixes).\n\n - fs/cifs: require sha512 (bsc#1051510).\n\n - gpio: altera-a10sr: Set proper output level for direction_output (bsc#1051510).\n\n - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510).\n\n - gpio: pl061: handle failed allocations (bsc#1051510).\n\n - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510).\n\n - gpio: vf610: Mask all GPIO interrupts (bsc#1051510).\n\n - gro_cell: add napi_disable in gro_cells_destroy (networking-stable-19_01_04).\n\n - hfs: do not free node before using (bsc#1051510).\n\n - hfsplus: do not free node before using (bsc#1051510).\n\n - hfsplus: prevent btree data loss on root split (bsc#1051510).\n\n - hfs: prevent btree data loss on root split (bsc#1051510).\n\n - i2c: dev: prevent adapter retries and timeout being set as minus value (bsc#1051510).\n\n - i40e: fix mac filter delete when setting mac address (bsc#1056658 bsc#1056662).\n\n - i40e: report correct statistics when XDP is enabled (bsc#1056658 bsc#1056662).\n\n - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658 bsc#1056662).\n\n - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).\n\n - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (networking-stable-19_01_04).\n\n - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).\n\n - ibmvnic: Increase maximum queue size limit (bsc#1121726).\n\n - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).\n\n - ide: pmac: add of_node_put() (bsc#1051510).\n\n - ieee802154: lowpan_header_create check must check daddr (networking-stable-19_01_04).\n\n - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bsc#1051510).\n\n - input: omap-keypad - fix idle configuration to not block SoC idle states (bsc#1051510).\n\n - input: raspberrypi-ts - fix link error (git-fixes).\n\n - input: restore EV_ABS ABS_RESERVED (bsc#1051510).\n\n - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510).\n\n - input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510).\n\n - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666).\n\n - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).\n\n - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).\n\n - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).\n\n - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).\n\n - ip6mr: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).\n\n - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes).\n\n - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510).\n\n - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (git-fixes).\n\n - ipv4: Fix potential Spectre v1 vulnerability (networking-stable-19_01_04).\n\n - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (networking-stable-18_12_12).\n\n - ipv6: Check available headroom in ip6_xmit() even without options (networking-stable-18_12_12).\n\n - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (networking-stable-19_01_04).\n\n - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output (networking-stable-18_12_12).\n\n - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04).\n\n - ip: validate header length on virtual device xmit (networking-stable-19_01_04).\n\n - iscsi target: fix session creation failure handling (bsc#1051510).\n\n - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510).\n\n - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).\n\n - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n\n - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).\n\n - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bsc#1051510).\n\n - kABI: fix xhci kABI stability (bsc#1119086).\n\n - kABI: protect struct sctp_association (kabi).\n\n - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944).\n\n - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944).\n\n - kdb: use memmove instead of overlapping memcpy (bsc#1120954).\n\n - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (git-fixes).\n\n - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls (bsc#1117155).\n\n - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T segments (bsc#1124589).\n\n - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279).\n\n - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).\n\n - lan78xx: Resolve issue with changing MAC address (bsc#1051510).\n\n - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n\n - lib/rbtree-test: lower default params (git-fixes).\n\n - lockd: fix access beyond unterminated strings in prints (git-fixes).\n\n - LSM: Check for NULL cred-security on free (bsc#1051510).\n\n - md: fix raid10 hang issue caused by barrier (git-fixes).\n\n - media: firewire: Fix app_info parameter type in avc_ca(,_app)_info (bsc#1051510).\n\n - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer (bsc#1054610).\n\n - media: v4l2-tpg: array index could become negative (bsc#1051510).\n\n - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510).\n\n - media: vb2: be sure to unlock mutex on errors (bsc#1051510).\n\n - media: vb2: vb2_mmap: move lock up (bsc#1051510).\n\n - media: vivid: fix error handling of kthread_run (bsc#1051510).\n\n - media: vivid: free bitmap_cap when updating std/timings/etc (bsc#1051510).\n\n - media: vivid: set min width/height to a value > 0 (bsc#1051510).\n\n - mfd: ab8500-core: Return zero in get_register_interruptible() (bsc#1051510).\n\n - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510).\n\n - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bsc#1051510).\n\n - misc: hmc6352: fix potential Spectre v1 (bsc#1051510).\n\n - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bsc#1051510).\n\n - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510).\n\n - misc: sram: enable clock before registering regions (bsc#1051510).\n\n - misc: sram: fix resource leaks in probe error path (bsc#1051510).\n\n - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510).\n\n - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510).\n\n - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510).\n\n - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510).\n\n - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510).\n\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bsc#1051510).\n\n - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).\n\n - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).\n\n - mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).\n\n - mm: migrate: lock buffers before migrate_page_move_mapping() (bsc#1084216).\n\n - mm: migrate: Make buffer_migrate_page_norefs() actually succeed (bsc#1084216)\n\n - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216).\n\n - mm: migration: factor out code to compute expected number of page references (bsc#1084216).\n\n - Move the upstreamed HD-audio fix into sorted section\n\n - mpt3sas: check sense buffer before copying sense data (bsc#1106811).\n\n - neighbour: Avoid writing before skb->head in neigh_hh_output() (networking-stable-18_12_12).\n\n - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (networking-stable-18_12_12).\n\n - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04).\n\n - net/hamradio/6pack: use mod_timer() to rearm timers (networking-stable-19_01_04).\n\n - net: hns3: add error handler for hns3_nic_init_vector_data() (bsc#1104353).\n\n - net: hns3: add handling for big TX fragment (bsc#1104353 ).\n\n - net: hns3: Fix client initialize state issue when roce client initialize failed (bsc#1104353).\n\n - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ).\n\n - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ).\n\n - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ).\n\n - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ).\n\n - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ).\n\n - net: hns3: remove hns3_fill_desc_tso (bsc#1104353).\n\n - net: hns3: rename hns_nic_dma_unmap (bsc#1104353).\n\n - net: hns3: rename the interface for init_client_instance and uninit_client_instance (bsc#1104353).\n\n - net: macb: restart tx after tx used bit read (networking-stable-19_01_04).\n\n - net/mlx4_en: Change min MTU size to ETH_MIN_MTU (networking-stable-18_12_12).\n\n - net/mlx5e: Remove the false indication of software timestamping support (networking-stable-19_01_04).\n\n - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04).\n\n - net: phy: do not allow __set_phy_supported to add unsupported modes (networking-stable-18_12_12).\n\n - net: phy: Fix the issue that netif always links up after resuming (networking-stable-19_01_04).\n\n - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04).\n\n - net: skb_scrub_packet(): Scrub offload_fwd_mark (networking-stable-18_12_03).\n\n - net/smc: fix TCP fallback socket release (networking-stable-19_01_04).\n\n - net: stmmac: Fix PCI module removal leak (git-fixes).\n\n - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (networking-stable-18_12_03).\n\n - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails (networking-stable-18_12_03).\n\n - net/wan: fix a double free in x25_asy_open_tty() (networking-stable-19_01_04).\n\n - nfsd: COPY and CLONE operations require the saved filehandle to be set (git-fixes).\n\n - nfsd: Fix an Oops in free_session() (git-fixes).\n\n - nfs: Fix a missed page unlock after pg_doio() (git-fixes).\n\n - NFS: Fix up return value on fatal errors in nfs_page_async_flush() (git-fixes).\n\n - NFSv4.1: Fix the r/wsize checking (git-fixes).\n\n - NFSv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes).\n\n - nvme-multipath: round-robin I/O policy (bsc#1110705).\n\n - omap2fb: Fix stack memory disclosure (bsc#1120902)\n\n - packet: Do not leak dev refcounts on error exit (git-fixes).\n\n - packet: validate address length if non-zero (networking-stable-19_01_04).\n\n - packet: validate address length (networking-stable-19_01_04).\n\n - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318).\n\n - phonet: af_phonet: Fix Spectre v1 vulnerability (networking-stable-19_01_04).\n\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bsc#1051510).\n\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510).\n\n - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bsc#1051510).\n\n - powerpc: Always save/restore checkpointed regs during treclaim/trecheckpoint (bsc#1118338).\n\n - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).\n\n - powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695).\n\n - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).\n\n - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state offline (bsc#1119766, bsc#1055121).\n\n - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug (bsc#1119766, bsc#1055121).\n\n - powerpc: Remove facility loadups on transactional (fp, vec, vsx) unavailable (bsc#1118338).\n\n - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338).\n\n - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n\n - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n\n - powerpc/smp: Add Power9 scheduler topology (bsc#1109695).\n\n - powerpc/smp: Rework CPU topology construction (bsc#1109695).\n\n - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).\n\n - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338).\n\n - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338).\n\n - powerpc/tm: Fix comment (bsc#1118338).\n\n - powerpc/tm: Fix endianness flip on trap (bsc#1118338).\n\n - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338).\n\n - powerpc/tm: Fix HTM documentation (bsc#1118338).\n\n - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338).\n\n - powerpc/tm: P9 disable transactionally suspended sigcontexts (bsc#1118338).\n\n - powerpc/tm: Print 64-bits MSR (bsc#1118338).\n\n - powerpc/tm: Print scratch value (bsc#1118338).\n\n - powerpc/tm: Reformat comments (bsc#1118338).\n\n - powerpc/tm: Remove msr_tm_active() (bsc#1118338).\n\n - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread() (bsc#1118338).\n\n - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).\n\n - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338, bsc#1120955).\n\n - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338).\n\n - powerpc/tm: Update function prototype comment (bsc#1118338).\n\n - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).\n\n - powerpc/xmon: Fix invocation inside lock region (bsc#1122885).\n\n - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510).\n\n - pstore/ram: Avoid NULL deref in ftrace merging failure path (bsc#1051510).\n\n - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510).\n\n - pstore/ram: Do not treat empty buffers as valid (bsc#1051510).\n\n - ptp_kvm: probe for kvm guest availability (bsc#1098382).\n\n - ptr_ring: wrap back ->producer in\n __ptr_ring_swap_queue() (networking-stable-19_01_04).\n\n - qed: Avoid constant logical operation warning in qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix command number mismatch between driver and the mfw (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870).\n\n - qmi_wwan: Added support for Fibocom NL668 series (networking-stable-19_01_04).\n\n - qmi_wwan: Added support for Telit LN940 series (networking-stable-19_01_04).\n\n - qmi_wwan: Add support for Fibocom NL678 series (networking-stable-19_01_04).\n\n - rapidio/rionet: do not free skb before reading its length (networking-stable-18_12_03).\n\n - RDMA/core: Fix unwinding flow in case of error to register device (bsc#1046306).\n\n - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode again' (bsc#1051510).\n\n - rpm/release-projects: Add SUSE:Maintenance:* for MU kernels (bsc#1123317)\n\n - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (networking-stable-18_12_12).\n\n - s390/zcrypt: fix specification exception on z196 during ap probe (LTC#174936, bsc#1123061).\n\n - sbus: char: add of_node_put() (bsc#1051510).\n\n - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).\n\n - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes\n\n - scripts/git_sort/git_sort.py: Add s390/linux.git fixes.\n\n - scsi: qedi: Add ep_state for login completion on un-reachable targets (bsc#1113712).\n\n - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (bsc#1124985).\n\n - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933).\n\n - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (networking-stable-19_01_04).\n\n - sctp: kfree_rcu asoc (networking-stable-18_12_12).\n\n - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths (bsc#1124579).\n\n - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510).\n\n - selinux: fix GPF on invalid policy (bsc#1051510).\n\n - serial: imx: fix error handling in console_setup (bsc#1051510).\n\n - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510).\n\n - serial/sunsu: fix refcount leak (bsc#1051510).\n\n - serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly (bsc#1051510).\n\n - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).\n\n - shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).\n\n - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (git-fixes).\n\n - slab: alien caches must not be initialized if the allocation of the alien cache failed (git fixes (mm/slab)).\n\n - smb3.1.1 dialect is no longer experimental (bsc#1051510).\n\n - smb311: Fix reconnect (bsc#1051510).\n\n - smb3: Add support for multidialect negotiate (SMB2.1 and later) (bsc#1051510).\n\n - smb3: allow stats which track session and share reconnects to be reset (bsc#1051510).\n\n - smb3: Backup intent flag missing for directory opens with backupuid mounts (bsc#1051510).\n\n - smb3: check for and properly advertise directory lease support (bsc#1051510).\n\n - smb3: directory sync should not return an error (bsc#1051510).\n\n - smb3: do not attempt cifs operation in smb3 query info error path (bsc#1051510).\n\n - smb3: do not request leases in symlink creation and query (bsc#1051510).\n\n - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510).\n\n - smb3: enumerating snapshots was leaving part of the data off end (bsc#1051510).\n\n - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510).\n\n - smb3: Fix root directory when server returns inode number of zero (bsc#1051510).\n\n - smb3: fix various xid leaks (bsc#1051510).\n\n - smb3: Improve security, move default dialect to SMB3 from old CIFS (bsc#1051510).\n\n - smb3: on kerberos mount if server does not specify auth type use krb5 (bsc#1051510).\n\n - smb3: Remove ifdef since SMB3 (and later) now STRONGLY preferred (bsc#1051510).\n\n - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510).\n\n - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bsc#1051510).\n\n - sunrpc: correct the computation for page_ptr when truncating (git-fixes).\n\n - sunrpc: Fix a potential race in xprt_connect() (git-fixes).\n\n - sunrpc: Fix leak of krb5p encode pages (git-fixes).\n\n - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).\n\n - sunrpc: safely reallow resvport min/max inversion (git-fixes).\n\n - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12).\n\n - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04).\n\n - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12).\n\n - tcp: lack of available data can also cause TSO defer (git-fixes).\n\n - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510).\n\n - tipc: compare remote and local protocols in tipc_udp_enable() (networking-stable-19_01_04).\n\n - tipc: fix a double kfree_skb() (networking-stable-19_01_04).\n\n - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04).\n\n - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).\n\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).\n\n - tty: Handle problem if line discipline does not have receive_buf (bsc#1051510).\n\n - tty/n_hdlc: fix __might_sleep warning (bsc#1051510).\n\n - tty/serial: do not free trasnmit buffer page under port lock (bsc#1051510).\n\n - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12).\n\n - uart: Fix crash in uart_write and uart_put_char (bsc#1051510).\n\n - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bsc#1120902).\n\n - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902).\n\n - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup (bsc#1120902).\n\n - usb: dwc3: trace: add missing break statement to make compiler happy (bsc#1120902).\n\n - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (networking-stable-18_12_03).\n\n - usb: serial: option: add Fibocom NL678 series (bsc#1120902).\n\n - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bsc#1120902).\n\n - usb: storage: add quirk for SMI SM3350 (bsc#1120902).\n\n - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bsc#1120902).\n\n - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd (bsc#1119086).\n\n - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n\n - vhost: make sure used idx is seen before log in vhost_add_used_n() (networking-stable-19_01_04).\n\n - virtio-net: fail XDP set if guest csum is negotiated (networking-stable-18_12_03).\n\n - virtio-net: keep vnet header zeroed after processing XDP (networking-stable-18_12_12).\n\n - vsock: Send reset control packet when socket is partially bound (networking-stable-19_01_04).\n\n - vt: invoke notifier on screen size change (bsc#1051510).\n\n - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).\n\n - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).\n\n - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).\n\n - x86/bugs: Update when to check for the LS_CFG SSBD mitigation (bsc#1114279).\n\n - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382).\n\n - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bsc#1114279).\n\n - x86/microcode/amd: Do not falsely trick the late loading mechanism (bsc#1114279).\n\n - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() (bsc#1114279).\n\n - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (bsc#1114279).\n\n - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382).\n\n - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279).\n\n - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant (bsc#1114279).\n\n - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1114279).\n\n - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382).\n\n - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382).\n\n - x86/xen/time: setup vcpu 0 time info page (bsc#1098382).\n\n - xen: Fix x86 sched_clock() interface for xen (bsc#1098382).\n\n - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers (bsc#1120854).\n\n - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086).\n\n - xprtrdma: Reset credit grant properly after a disconnect (git-fixes).", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-203)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-203.NASL", "href": "https://www.tenable.com/plugins/nessus/122303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-203.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122303);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-203)\");\n script_summary(english:\"Check for the openSUSE-2019-203 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-3459,CVE-2019-3460: Two information leaks in\n the bluetooth stack were fixed. (bnc#1120758).\n\n - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer\n was fixed. (bnc#1124732).\n\n - CVE-2019-7222: A information leak in exception handling\n in KVM could be used to expose host memory to guests.\n (bnc#1124735).\n\n - CVE-2019-6974: A use-after-free in the KVM device\n control API was fixed. (bnc#1124728).\n\n - CVE-2018-20669: Missing access control checks in ioctl\n of gpu/drm/i915 driver were fixed which might have lead\n to information leaks. (bnc#1122971).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix\n panic (bsc#1051510).\n\n - 9p: clear dangling pointers in p9stat_free\n (bsc#1051510).\n\n - 9p locks: fix glock.client_id leak in do_lock\n (bsc#1051510).\n\n - 9p/net: put a lower bound on msize (bsc#1051510).\n\n - acpi/nfit: Block function zero DSMs (bsc#1051510).\n\n - acpi, nfit: Fix Address Range Scrub completion tracking\n (bsc#1124969).\n\n - acpi/nfit: Fix command-supported detection\n (bsc#1051510).\n\n - acpi/nfit: Fix race accessing memdev in\n nfit_get_smbios_id() (bsc#1122662).\n\n - acpi/nfit: Fix user-initiated ARS to be 'ARS-long'\n rather than 'ARS-short' (bsc#1124969).\n\n - ACPI: power: Skip duplicate power resource references in\n _PRx (bsc#1051510).\n\n - Add delay-init quirk for Corsair K70 RGB keyboards\n (bsc#1087092).\n\n - af_iucv: Move sockaddr length checks to before accessing\n sa_family in bind and connect handlers (bsc#1051510).\n\n - alsa: bebob: fix model-id of unit for Apogee Ensemble\n (bsc#1051510).\n\n - alsa: compress: Fix stop handling on compressed capture\n streams (bsc#1051510).\n\n - alsa: hda - Add mute LED support for HP ProBook 470 G5\n (bsc#1051510).\n\n - alsa: hda/ca0132 - Fix build error without CONFIG_PCI\n (bsc#1051510).\n\n - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).\n\n - alsa: hda/realtek - Fix lose hp_pins for disable auto\n mute (bsc#1051510).\n\n - alsa: hda/realtek - Use a common helper for hp pin\n reference (bsc#1051510).\n\n - alsa: hda - Serialize codec registrations (bsc#1122944).\n\n - alsa: hda - Use standard device registration for beep\n (bsc#1122944).\n\n - alsa: oxfw: add support for APOGEE duet FireWire\n (bsc#1051510).\n\n - alsa: usb-audio: Add Opus #3 to quirks for native DSD\n support (bsc#1051510).\n\n - alsa: usb-audio: Add support for new T+A USB DAC\n (bsc#1051510).\n\n - amd-xgbe: Fix mdio access for non-zero ports and clause\n 45 PHYs (bsc#1122927).\n\n - arm: 8802/1: Call syscall_trace_exit even when system\n call skipped (bsc#1051510).\n\n - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range()\n unaligned address handling (bsc#1051510).\n\n - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7\n counterpart (bsc#1051510).\n\n - arm/arm64: kvm:vgic: Force VM halt when changing the\n active state of GICv3 PPIs/SGIs (bsc#1051510).\n\n - arm: cns3xxx: Fix writing to wrong PCI config registers\n after alignment (bsc#1051510).\n\n - arm: cns3xxx: Use actual size reads for PCIe\n (bsc#1051510).\n\n - arm: imx: update the cpu power up timing setting on\n i.mx6sx (bsc#1051510).\n\n - arm: kvm:Fix VTTBR_BADDR_MASK BUG_ON off-by-one\n (bsc#1051510).\n\n - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt\n (bsc#1051510).\n\n - arm: OMAP1: ams-delta: Fix possible use of uninitialized\n field (bsc#1051510).\n\n - arm: OMAP2+: prm44xx: Fix section annotation on\n omap44xx_prm_enable_io_wakeup (bsc#1051510).\n\n - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).\n\n - ASoC: rt5514-spi: Fix potential NULL pointer dereference\n (bsc#1051510).\n\n - ax25: fix a use-after-free in ax25_fillin_cb()\n (networking-stable-19_01_04).\n\n - be2net: do not flip hw_features when VXLANs are\n added/deleted (bsc#1050252).\n\n - blkdev: avoid migration stalls for blkdev pages\n (bsc#1084216).\n\n - blk-mq: fix kernel oops in blk_mq_tag_idle()\n (bsc#1051510).\n\n - block: break discard submissions into the user defined\n size (git-fixes).\n\n - block: cleanup __blkdev_issue_discard() (git-fixes).\n\n - block: do not deal with discard limit in\n blkdev_issue_discard() (git-fixes).\n\n - block: fix 32 bit overflow in __blkdev_issue_discard()\n (git-fixes).\n\n - block: fix infinite loop if the device loses discard\n capability (git-fixes).\n\n - block: make sure discard bio is aligned with logical\n block size (git-fixes).\n\n - block: make sure writesame bio is aligned with logical\n block size (git-fixes).\n\n - block/swim3: Fix -EBUSY error when re-opening device\n after unmount (git-fixes).\n\n - bnx2x: Assign unique DMAE channel number for FW DMAE\n transactions (bsc#1086323).\n\n - bnx2x: Clear fip MAC when fcoe offload support is\n disabled (bsc#1086323).\n\n - bnx2x: Fix NULL pointer dereference in\n bnx2x_del_all_vlans() on some hw (bsc#1086323).\n\n - bnx2x: Remove configured vlans as part of unload\n sequence (bsc#1086323).\n\n - bnx2x: Send update-svid ramrod with retry/poll flags\n enabled (bsc#1086323).\n\n - bonding: update nest level on unlink (git-fixes).\n\n - bsg: allocate sense buffer if requested (bsc#1106811).\n\n - btrfs: qgroup: Fix root item corruption when multiple\n same source snapshots are created with quota enabled\n (bsc#1122324).\n\n - can: bcm: check timer values before ktime conversion\n (bsc#1051510).\n\n - can: dev: __can_get_echo_skb(): fix bogous check for\n non-existing skb by removing it (bsc#1051510).\n\n - can: gw: ensure DLC boundaries after CAN frame\n modification (bsc#1051510).\n\n - cdc-acm: fix abnormal DATA RX issue for Mediatek\n Preloader (bsc#1051510).\n\n - char/mwave: fix potential Spectre v1 vulnerability\n (bsc#1051510).\n\n - checkstack.pl: fix for aarch64 (bsc#1051510).\n\n - cifs: add missing debug entries for kconfig options\n (bsc#1051510).\n\n - cifs: add missing support for ACLs in SMB 3.11\n (bsc#1051510).\n\n - cifs: add sha512 secmech (bsc#1051510).\n\n - cifs: Add support for reading attributes on SMB2+\n (bsc#1051510).\n\n - cifs: Add support for writing attributes on SMB2+\n (bsc#1051510).\n\n - cifs: do not log STATUS_NOT_FOUND errors for DFS\n (bsc#1051510).\n\n - cifs: Do not modify mid entry after submitting I/O in\n cifs_call_async (bsc#1051510).\n\n - cifs: Fix error mapping for SMB2_LOCK command which\n caused OFD lock problem (bsc#1051510).\n\n - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).\n\n - cifs: fix return value for cifs_listxattr (bsc#1051510).\n\n - cifs: Fix separator when building path from dentry\n (bsc#1051510).\n\n - cifs: fix set info (bsc#1051510).\n\n - cifs: fix sha512 check in cifs_crypto_secmech_release\n (bsc#1051510).\n\n - cifs: fix wrapping bugs in num_entries() (bsc#1051510).\n\n - cifs: For SMB2 security informaion query, check for\n minimum sized security descriptor instead of sizeof\n FileAllInformation class (bsc#1051510).\n\n - cifs: hide unused functions (bsc#1051510).\n\n - cifs: hide unused functions (bsc#1051510).\n\n - cifs: implement v3.11 preauth integrity (bsc#1051510).\n\n - cifs: make 'nodfs' mount opt a superblock flag\n (bsc#1051510).\n\n - cifs: prevent integer overflow in nxt_dir_entry()\n (bsc#1051510).\n\n - cifs: prototype declaration and definition for smb 2 - 3\n and cifsacl mount options (bsc#1051510).\n\n - cifs: prototype declaration and definition to set acl\n for smb 2 - 3 and cifsacl mount options (bsc#1051510).\n\n - cifs: refactor crypto shash/sdesc allocation&free\n (bsc#1051510).\n\n - cifs: smb2ops: Fix listxattr() when there are no EAs\n (bsc#1051510).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options getacl\n functions (bsc#1051510).\n\n - cifs: Use smb 2 - 3 and cifsacl mount options setacl\n function (bsc#1051510).\n\n - cifs: Use ULL suffix for 64-bit constant (bsc#1051510).\n\n - clk: imx6q: reset exclusive gates on init (bsc#1051510).\n\n - clk: rockchip: fix typo in rk3188 spdif_frac parent\n (bsc#1051510).\n\n - clk: sunxi-ng: enable so-said LDOs for A64 SoC's\n pll-mipi clock (bsc#1051510).\n\n - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).\n\n - cpufreq: imx6q: add return value check for voltage scale\n (bsc#1051510).\n\n - Cramfs: fix abad comparison when wrap-arounds occur\n (bsc#1051510).\n\n - crypto: authencesn - Avoid twice completion call in\n decrypt path (bsc#1051510).\n\n - crypto: authenc - fix parsing key with misaligned\n rta_len (bsc#1051510).\n\n - crypto: bcm - convert to use\n crypto_authenc_extractkeys() (bsc#1051510).\n\n - crypto: caam - fix zero-length buffer DMA mapping\n (bsc#1051510).\n\n - crypto: user - support incremental algorithm dumps\n (bsc#1120902).\n\n - dlm: fixed memory leaks after failed ls_remove_names\n allocation (bsc#1051510).\n\n - dlm: lost put_lkb on error path in receive_convert() and\n receive_unlock() (bsc#1051510).\n\n - dlm: memory leaks on error path in dlm_user_request()\n (bsc#1051510).\n\n - dlm: possible memory leak on error path in create_lkb()\n (bsc#1051510).\n\n - dmaengine: at_hdmac: fix memory leak in at_dma_xlate()\n (bsc#1051510).\n\n - dmaengine: at_hdmac: fix module unloading (bsc#1051510).\n\n - dmaengine: dma-jz4780: Return error if not probed from\n DT (bsc#1051510).\n\n - dmaengine: dw: Fix FIFO size for Intel Merrifield\n (bsc#1051510).\n\n - dmaengine: xilinx_dma: Remove __aligned attribute on\n zynqmp_dma_desc_ll (bsc#1051510).\n\n - dm cache metadata: verify cache has blocks in\n blocks_are_clean_separate_dirty() (git-fixes).\n\n - dm: call blk_queue_split() to impose device limits on\n bios (git-fixes).\n\n - dm: do not allow readahead to limit IO size (git-fixes).\n\n - dm thin: send event about thin-pool state change _after_\n making it (git-fixes).\n\n - dm zoned: Fix target BIO completion handling\n (git-fixes).\n\n - Do not log expected error on DFS referral request\n (bsc#1051510).\n\n - driver core: Move async_synchronize_full call\n (bsc#1051510).\n\n - drivers: core: Remove glue dirs from sysfs earlier\n (bsc#1051510).\n\n - drivers/misc/sgi-gru: fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo\n (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - drivers/sbus/char: add of_node_put() (bsc#1051510).\n\n - drivers/tty: add missing of_node_put() (bsc#1051510).\n\n - drm/fb-helper: Ignore the value of\n fb_var_screeninfo.pixclock (bsc#1113722)\n\n - drm/fb-helper: Partially bring back workaround for bugs\n of SDL 1.2 (bsc#1113722)\n\n - drm/i915/gvt: Fix mmap range check (bsc#1120902)\n\n - drm/nouveau/tmr: detect stalled gpu timer and break out\n of waits (bsc#1123538).\n\n - drm/vmwgfx: Fix setting of dma masks (bsc#1120902)\n\n - drm/vmwgfx: Return error code from\n vmw_execbuf_copy_fence_user (bsc#1120902)\n\n - e1000e: allow non-monotonic SYSTIM readings\n (bsc#1051510).\n\n - exportfs: do not read dentry after free (bsc#1051510).\n\n - ext4: Fix crash during online resizing (bsc#1122779).\n\n - fanotify: fix handling of events on child sub-directory\n (bsc#1122019).\n\n - fat: validate ->i_start before using (bsc#1051510).\n\n - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y\n (bsc#1051510).\n\n - fork: do not copy inconsistent signal handler state to\n child (bsc#1051510).\n\n - fork: record start_time late (git-fixes).\n\n - fork: unconditionally clear stack on fork (git-fixes).\n\n - fs/cifs: require sha512 (bsc#1051510).\n\n - gpio: altera-a10sr: Set proper output level for\n direction_output (bsc#1051510).\n\n - gpio: pcf857x: Fix interrupts on multiple instances\n (bsc#1051510).\n\n - gpio: pl061: handle failed allocations (bsc#1051510).\n\n - gpio: pl061: Move irq_chip definition inside struct\n pl061 (bsc#1051510).\n\n - gpio: vf610: Mask all GPIO interrupts (bsc#1051510).\n\n - gro_cell: add napi_disable in gro_cells_destroy\n (networking-stable-19_01_04).\n\n - hfs: do not free node before using (bsc#1051510).\n\n - hfsplus: do not free node before using (bsc#1051510).\n\n - hfsplus: prevent btree data loss on root split\n (bsc#1051510).\n\n - hfs: prevent btree data loss on root split\n (bsc#1051510).\n\n - i2c: dev: prevent adapter retries and timeout being set\n as minus value (bsc#1051510).\n\n - i40e: fix mac filter delete when setting mac address\n (bsc#1056658 bsc#1056662).\n\n - i40e: report correct statistics when XDP is enabled\n (bsc#1056658 bsc#1056662).\n\n - i40e: restore NETIF_F_GSO_IPXIP to netdev features\n (bsc#1056658 bsc#1056662).\n\n - ibmveth: Do not process frames after calling\n napi_reschedule (bcs#1123357).\n\n - ibmveth: fix DMA unmap error in ibmveth_xmit_start error\n path (networking-stable-19_01_04).\n\n - ibmvnic: Add ethtool private flag for driver-defined\n queue limits (bsc#1121726).\n\n - ibmvnic: Increase maximum queue size limit\n (bsc#1121726).\n\n - ibmvnic: Introduce driver limits for ring sizes\n (bsc#1121726).\n\n - ide: pmac: add of_node_put() (bsc#1051510).\n\n - ieee802154: lowpan_header_create check must check daddr\n (networking-stable-19_01_04).\n\n - input: elan_i2c - add ACPI ID for touchpad in ASUS\n Aspire F5-573G (bsc#1051510).\n\n - input: omap-keypad - fix idle configuration to not block\n SoC idle states (bsc#1051510).\n\n - input: raspberrypi-ts - fix link error (git-fixes).\n\n - input: restore EV_ABS ABS_RESERVED (bsc#1051510).\n\n - input: synaptics - enable RMI on ThinkPad T560\n (bsc#1051510).\n\n - input: synaptics - enable SMBus for HP EliteBook 840 G4\n (bsc#1051510).\n\n - input: xpad - add support for SteelSeries Stratus Duo\n (bsc#1111666).\n\n - iommu/amd: Call free_iova_fast with pfn in map_sg\n (bsc#1106105).\n\n - iommu/amd: Fix IOMMU page flush when detach device from\n a domain (bsc#1106105).\n\n - iommu/amd: Unmap all mapped pages in error path of\n map_sg (bsc#1106105).\n\n - iommu/vt-d: Fix memory leak in\n intel_iommu_put_resv_regions() (bsc#1106105).\n\n - ip6mr: Fix potential Spectre v1 vulnerability\n (networking-stable-19_01_04).\n\n - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes).\n\n - ipmi:ssif: Fix handling of multi-part return messages\n (bsc#1051510).\n\n - ip: on queued skb use skb_header_pointer instead of\n pskb_may_pull (git-fixes).\n\n - ipv4: Fix potential Spectre v1 vulnerability\n (networking-stable-19_01_04).\n\n - ipv4: ipv6: netfilter: Adjust the frag mem limit when\n truesize changes (networking-stable-18_12_12).\n\n - ipv6: Check available headroom in ip6_xmit() even\n without options (networking-stable-18_12_12).\n\n - ipv6: explicitly initialize udp6_addr in\n udp_sock_create6() (networking-stable-19_01_04).\n\n - ipv6: sr: properly initialize flowi6 prior passing to\n ip6_route_output (networking-stable-18_12_12).\n\n - ipv6: tunnels: fix two use-after-free\n (networking-stable-19_01_04).\n\n - ip: validate header length on virtual device xmit\n (networking-stable-19_01_04).\n\n - iscsi target: fix session creation failure handling\n (bsc#1051510).\n\n - isdn: fix kernel-infoleak in capi_unlocked_ioctl\n (bsc#1051510).\n\n - iwlwifi: fix non_shared_ant for 22000 devices\n (bsc#1119086).\n\n - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n\n - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old\n firmwares (bsc#1119086).\n\n - jffs2: Fix use of uninitialized delayed_work, lockdep\n breakage (bsc#1051510).\n\n - kABI: fix xhci kABI stability (bsc#1119086).\n\n - kABI: protect struct sctp_association (kabi).\n\n - kABI workaround for deleted\n snd_hda_register_beep_device() (bsc#1122944).\n\n - kABI workaround for snd_hda_bus.bus_probing addition\n (bsc#1122944).\n\n - kdb: use memmove instead of overlapping memcpy\n (bsc#1120954).\n\n - kernel/exit.c: release ptraced tasks before\n zap_pid_ns_processes (git-fixes).\n\n - kvm: arm/arm64: Properly protect VGIC locks from IRQs\n (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in\n update_affinity (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls\n with SRCU lock (bsc#1117155).\n\n - kvm: arm/arm64: VGIC/ITS save/restore: protect\n kvm_read_guest() calls (bsc#1117155).\n\n - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9\n supports 1T segments (bsc#1124589).\n\n - kvm: sev: Fail KVM_SEV_INIT if already initialized\n (bsc#1114279).\n\n - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).\n\n - lan78xx: Resolve issue with changing MAC address\n (bsc#1051510).\n\n - libertas_tf: prevent underflow in process_cmdrequest()\n (bsc#1119086).\n\n - lib/rbtree-test: lower default params (git-fixes).\n\n - lockd: fix access beyond unterminated strings in prints\n (git-fixes).\n\n - LSM: Check for NULL cred-security on free (bsc#1051510).\n\n - md: fix raid10 hang issue caused by barrier (git-fixes).\n\n - media: firewire: Fix app_info parameter type in\n avc_ca(,_app)_info (bsc#1051510).\n\n - media: usb: pwc: Do not use coherent DMA buffers for ISO\n transfer (bsc#1054610).\n\n - media: v4l2-tpg: array index could become negative\n (bsc#1051510).\n\n - media: v4l: ioctl: Validate num_planes for debug\n messages (bsc#1051510).\n\n - media: vb2: be sure to unlock mutex on errors\n (bsc#1051510).\n\n - media: vb2: vb2_mmap: move lock up (bsc#1051510).\n\n - media: vivid: fix error handling of kthread_run\n (bsc#1051510).\n\n - media: vivid: free bitmap_cap when updating\n std/timings/etc (bsc#1051510).\n\n - media: vivid: set min width/height to a value > 0\n (bsc#1051510).\n\n - mfd: ab8500-core: Return zero in\n get_register_interruptible() (bsc#1051510).\n\n - mfd: tps6586x: Handle interrupts on suspend\n (bsc#1051510).\n\n - misc: atmel-ssc: Fix section annotation on\n atmel_ssc_get_driver_data (bsc#1051510).\n\n - misc: hmc6352: fix potential Spectre v1 (bsc#1051510).\n\n - misc: mic/scif: fix copy-paste error in\n scif_create_remote_lookup (bsc#1051510).\n\n - misc: mic: SCIF Fix scif_get_new_port() error handling\n (bsc#1051510).\n\n - misc: sram: enable clock before registering regions\n (bsc#1051510).\n\n - misc: sram: fix resource leaks in probe error path\n (bsc#1051510).\n\n - misc: ti-st: Fix memory leak in the error path of\n probe() (bsc#1051510).\n\n - misc: vexpress: Off by one in vexpress_syscfg_exec()\n (bsc#1051510).\n\n - mmc: atmel-mci: do not assume idle after\n atmci_request_end (bsc#1051510).\n\n - mmc: bcm2835: Fix DMA channel leak on probe error\n (bsc#1051510).\n\n - mmc: dw_mmc-bluefield: : Fix the license information\n (bsc#1051510).\n\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during\n probe (bsc#1051510).\n\n - mm/huge_memory: fix lockdep complaint on 32-bit\n i_size_read() (VM Functionality, bsc#1121599).\n\n - mm/huge_memory: rename freeze_page() to unmap_page() (VM\n Functionality, bsc#1121599).\n\n - mm/huge_memory: splitting set mapping+index before\n unfreeze (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() do not crash on Compound\n (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() remember to clear holes\n (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() stop if punched or\n truncated (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: collapse_shmem() without freezing\n new_page (VM Functionality, bsc#1121599).\n\n - mm/khugepaged: fix crashes due to misaccounted holes (VM\n Functionality, bsc#1121599).\n\n - mm/khugepaged: minor reorderings in collapse_shmem() (VM\n Functionality, bsc#1121599).\n\n - mm: migrate: lock buffers before\n migrate_page_move_mapping() (bsc#1084216).\n\n - mm: migrate: Make buffer_migrate_page_norefs() actually\n succeed (bsc#1084216)\n\n - mm: migrate: provide buffer_migrate_page_norefs()\n (bsc#1084216).\n\n - mm: migration: factor out code to compute expected\n number of page references (bsc#1084216).\n\n - Move the upstreamed HD-audio fix into sorted section\n\n - mpt3sas: check sense buffer before copying sense data\n (bsc#1106811).\n\n - neighbour: Avoid writing before skb->head in\n neigh_hh_output() (networking-stable-18_12_12).\n\n - net: 8139cp: fix a BUG triggered by changing mtu with\n network traffic (networking-stable-18_12_12).\n\n - net: core: Fix Spectre v1 vulnerability\n (networking-stable-19_01_04).\n\n - net/hamradio/6pack: use mod_timer() to rearm timers\n (networking-stable-19_01_04).\n\n - net: hns3: add error handler for\n hns3_nic_init_vector_data() (bsc#1104353).\n\n - net: hns3: add handling for big TX fragment (bsc#1104353\n ).\n\n - net: hns3: Fix client initialize state issue when roce\n client initialize failed (bsc#1104353).\n\n - net: hns3: Fix for loopback selftest failed problem\n (bsc#1104353 ).\n\n - net: hns3: fix for multiple unmapping DMA problem\n (bsc#1104353 ).\n\n - net: hns3: Fix tc setup when netdev is first up\n (bsc#1104353 ).\n\n - net: hns3: Fix tqp array traversal condition for vf\n (bsc#1104353 ).\n\n - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353\n ).\n\n - net: hns3: remove hns3_fill_desc_tso (bsc#1104353).\n\n - net: hns3: rename hns_nic_dma_unmap (bsc#1104353).\n\n - net: hns3: rename the interface for init_client_instance\n and uninit_client_instance (bsc#1104353).\n\n - net: macb: restart tx after tx used bit read\n (networking-stable-19_01_04).\n\n - net/mlx4_en: Change min MTU size to ETH_MIN_MTU\n (networking-stable-18_12_12).\n\n - net/mlx5e: Remove the false indication of software\n timestamping support (networking-stable-19_01_04).\n\n - net/mlx5: Typo fix in del_sw_hw_rule\n (networking-stable-19_01_04).\n\n - net: phy: do not allow __set_phy_supported to add\n unsupported modes (networking-stable-18_12_12).\n\n - net: phy: Fix the issue that netif always links up after\n resuming (networking-stable-19_01_04).\n\n - netrom: fix locking in nr_find_socket()\n (networking-stable-19_01_04).\n\n - net: skb_scrub_packet(): Scrub offload_fwd_mark\n (networking-stable-18_12_03).\n\n - net/smc: fix TCP fallback socket release\n (networking-stable-19_01_04).\n\n - net: stmmac: Fix PCI module removal leak (git-fixes).\n\n - net: thunderx: set tso_hdrs pointer to NULL in\n nicvf_free_snd_queue (networking-stable-18_12_03).\n\n - net: thunderx: set xdp_prog to NULL if bpf_prog_add\n fails (networking-stable-18_12_03).\n\n - net/wan: fix a double free in x25_asy_open_tty()\n (networking-stable-19_01_04).\n\n - nfsd: COPY and CLONE operations require the saved\n filehandle to be set (git-fixes).\n\n - nfsd: Fix an Oops in free_session() (git-fixes).\n\n - nfs: Fix a missed page unlock after pg_doio()\n (git-fixes).\n\n - NFS: Fix up return value on fatal errors in\n nfs_page_async_flush() (git-fixes).\n\n - NFSv4.1: Fix the r/wsize checking (git-fixes).\n\n - NFSv4: Do not exit the state manager without clearing\n NFS4CLNT_MANAGER_RUNNING (git-fixes).\n\n - nvme-multipath: round-robin I/O policy (bsc#1110705).\n\n - omap2fb: Fix stack memory disclosure (bsc#1120902)\n\n - packet: Do not leak dev refcounts on error exit\n (git-fixes).\n\n - packet: validate address length if non-zero\n (networking-stable-19_01_04).\n\n - packet: validate address length\n (networking-stable-19_01_04).\n\n - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318).\n\n - phonet: af_phonet: Fix Spectre v1 vulnerability\n (networking-stable-19_01_04).\n\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34\n scan codes (bsc#1051510).\n\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK\n (bsc#1051510).\n\n - platform/x86: asus-wmi: Tell the EC the OS will handle\n the display off hotkey (bsc#1051510).\n\n - powerpc: Always save/restore checkpointed regs during\n treclaim/trecheckpoint (bsc#1118338).\n\n - powerpc/cacheinfo: Report the correct shared_cpu_map on\n big-cores (bsc#1109695).\n\n - powerpc: Detect the presence of big-cores via 'ibm,\n thread-groups' (bsc#1109695).\n\n - powerpc: make use of for_each_node_by_type() instead of\n open-coding it (bsc#1109695).\n\n - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for\n deep state offline (bsc#1119766, bsc#1055121).\n\n - powerpc/powernv: Clear PECE1 in LPCR via stop-api only\n on Hotplug (bsc#1119766, bsc#1055121).\n\n - powerpc: Remove facility loadups on transactional (fp,\n vec, vsx) unavailable (bsc#1118338).\n\n - powerpc: Remove redundant FP/Altivec giveup code\n (bsc#1118338).\n\n - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n\n - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n\n - powerpc/smp: Add Power9 scheduler topology\n (bsc#1109695).\n\n - powerpc/smp: Rework CPU topology construction\n (bsc#1109695).\n\n - powerpc/smp: Use cpu_to_chip_id() to find core siblings\n (bsc#1109695).\n\n - powerpc/tm: Avoid machine crash on rt_sigreturn\n (bsc#1118338).\n\n - powerpc/tm: Do not check for WARN in TM Bad Thing\n handling (bsc#1118338).\n\n - powerpc/tm: Fix comment (bsc#1118338).\n\n - powerpc/tm: Fix endianness flip on trap (bsc#1118338).\n\n - powerpc/tm: Fix HFSCR bit for no suspend case\n (bsc#1118338).\n\n - powerpc/tm: Fix HTM documentation (bsc#1118338).\n\n - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM\n (bsc#1118338).\n\n - powerpc/tm: P9 disable transactionally suspended\n sigcontexts (bsc#1118338).\n\n - powerpc/tm: Print 64-bits MSR (bsc#1118338).\n\n - powerpc/tm: Print scratch value (bsc#1118338).\n\n - powerpc/tm: Reformat comments (bsc#1118338).\n\n - powerpc/tm: Remove msr_tm_active() (bsc#1118338).\n\n - powerpc/tm: Remove struct thread_info param from\n tm_reclaim_thread() (bsc#1118338).\n\n - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).\n\n - powerpc/tm: Set MSR[TS] just prior to recheckpoint\n (bsc#1118338, bsc#1120955).\n\n - powerpc/tm: Unset MSR[TS] if not recheckpointing\n (bsc#1118338).\n\n - powerpc/tm: Update function prototype comment\n (bsc#1118338).\n\n - powerpc: Use cpu_smallcore_sibling_mask at SMT level on\n bigcores (bsc#1109695).\n\n - powerpc/xmon: Fix invocation inside lock region\n (bsc#1122885).\n\n - pstore/ram: Avoid allocation and leak of platform data\n (bsc#1051510).\n\n - pstore/ram: Avoid NULL deref in ftrace merging failure\n path (bsc#1051510).\n\n - pstore/ram: Correctly calculate usable PRZ bytes\n (bsc#1051510).\n\n - pstore/ram: Do not treat empty buffers as valid\n (bsc#1051510).\n\n - ptp_kvm: probe for kvm guest availability (bsc#1098382).\n\n - ptr_ring: wrap back ->producer in\n __ptr_ring_swap_queue() (networking-stable-19_01_04).\n\n - qed: Avoid constant logical operation warning in\n qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Avoid implicit enum conversion in\n qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313\n bsc#1086301 ).\n\n - qed: Avoid implicit enum conversion in\n qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313\n bsc#1086301 ).\n\n - qed: Avoid implicit enum conversion in\n qed_set_tunn_cls_info (bsc#1086314 bsc#1086313\n bsc#1086301 ).\n\n - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314\n bsc#1086313 bsc#1086301).\n\n - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313\n bsc#1086301).\n\n - qed: Fix blocking/unlimited SPQ entries leak\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix command number mismatch between driver and the\n mfw (bsc#1086314 bsc#1086313 bsc#1086301 ).\n\n - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix memory/entry leak in qed_init_sp_request()\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix potential memory corruption (bsc#1086314\n bsc#1086313 bsc#1086301).\n\n - qed: Fix PTT leak in qed_drain() (bsc#1086314\n bsc#1086313 bsc#1086301).\n\n - qed: Fix QM getters to always return a valid pq\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qed: Fix rdma_info structure allocation (bsc#1086314\n bsc#1086313 bsc#1086301).\n\n - qed: Fix reading wrong value in loop condition\n (bsc#1086314 bsc#1086313 bsc#1086301).\n\n - qla2xxx: Fixup dual-protocol FCP connections\n (bsc#1108870).\n\n - qmi_wwan: Added support for Fibocom NL668 series\n (networking-stable-19_01_04).\n\n - qmi_wwan: Added support for Telit LN940 series\n (networking-stable-19_01_04).\n\n - qmi_wwan: Add support for Fibocom NL678 series\n (networking-stable-19_01_04).\n\n - rapidio/rionet: do not free skb before reading its\n length (networking-stable-18_12_03).\n\n - RDMA/core: Fix unwinding flow in case of error to\n register device (bsc#1046306).\n\n - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode\n again' (bsc#1051510).\n\n - rpm/release-projects: Add SUSE:Maintenance:* for MU\n kernels (bsc#1123317)\n\n - rtnetlink: ndo_dflt_fdb_dump() only work for\n ARPHRD_ETHER devices (networking-stable-18_12_12).\n\n - s390/zcrypt: fix specification exception on z196 during\n ap probe (LTC#174936, bsc#1123061).\n\n - sbus: char: add of_node_put() (bsc#1051510).\n\n - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).\n\n - scripts/git_sort/git_sort.py: Add mkp/scsi\n 5.0/scsi-fixes\n\n - scripts/git_sort/git_sort.py: Add s390/linux.git fixes.\n\n - scsi: qedi: Add ep_state for login completion on\n un-reachable targets (bsc#1113712).\n\n - scsi: qla2xxx: Timeouts occur on surprise removal of\n QLogic adapter (bsc#1124985).\n\n - scsi: target: make the pi_prot_format ConfigFS path\n readable (bsc#1123933).\n\n - sctp: initialize sin6_flowinfo for ipv6 addrs in\n sctp_inet6addr_event (networking-stable-19_01_04).\n\n - sctp: kfree_rcu asoc (networking-stable-18_12_12).\n\n - selftests/powerpc: Use snprintf to construct DSCR sysfs\n interface paths (bsc#1124579).\n\n - selinux: Add __GFP_NOWARN to allocation at str_read()\n (bsc#1051510).\n\n - selinux: fix GPF on invalid policy (bsc#1051510).\n\n - serial: imx: fix error handling in console_setup\n (bsc#1051510).\n\n - serial: set suppress_bind_attrs flag only if builtin\n (bsc#1051510).\n\n - serial/sunsu: fix refcount leak (bsc#1051510).\n\n - serial: uartps: Fix interrupt mask issue to handle the\n RX interrupts properly (bsc#1051510).\n\n - shmem: introduce shmem_inode_acct_block (VM\n Functionality, bsc#1121599).\n\n - shmem: shmem_charge: verify max_block is not exceeded\n before inode update (VM Functionality, bsc#1121599).\n\n - signal: Always deliver the kernel's SIGKILL and SIGSTOP\n to a pid namespace init (git-fixes).\n\n - slab: alien caches must not be initialized if the\n allocation of the alien cache failed (git fixes\n (mm/slab)).\n\n - smb3.1.1 dialect is no longer experimental\n (bsc#1051510).\n\n - smb311: Fix reconnect (bsc#1051510).\n\n - smb3: Add support for multidialect negotiate (SMB2.1 and\n later) (bsc#1051510).\n\n - smb3: allow stats which track session and share\n reconnects to be reset (bsc#1051510).\n\n - smb3: Backup intent flag missing for directory opens\n with backupuid mounts (bsc#1051510).\n\n - smb3: check for and properly advertise directory lease\n support (bsc#1051510).\n\n - smb3: directory sync should not return an error\n (bsc#1051510).\n\n - smb3: do not attempt cifs operation in smb3 query info\n error path (bsc#1051510).\n\n - smb3: do not request leases in symlink creation and\n query (bsc#1051510).\n\n - smb3: Do not send SMB3 SET_INFO if nothing changed\n (bsc#1051510).\n\n - smb3: enumerating snapshots was leaving part of the data\n off end (bsc#1051510).\n\n - smb3: Fix length checking of SMB3.11 negotiate request\n (bsc#1051510).\n\n - smb3: Fix root directory when server returns inode\n number of zero (bsc#1051510).\n\n - smb3: fix various xid leaks (bsc#1051510).\n\n - smb3: Improve security, move default dialect to SMB3\n from old CIFS (bsc#1051510).\n\n - smb3: on kerberos mount if server does not specify auth\n type use krb5 (bsc#1051510).\n\n - smb3: Remove ifdef since SMB3 (and later) now STRONGLY\n preferred (bsc#1051510).\n\n - smb3: simplify code by removing CONFIG_CIFS_SMB311\n (bsc#1051510).\n\n - staging: rtl8188eu: Add device code for D-Link DWA-121\n rev B1 (bsc#1051510).\n\n - sunrpc: correct the computation for page_ptr when\n truncating (git-fixes).\n\n - sunrpc: Fix a potential race in xprt_connect()\n (git-fixes).\n\n - sunrpc: Fix leak of krb5p encode pages (git-fixes).\n\n - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).\n\n - sunrpc: safely reallow resvport min/max inversion\n (git-fixes).\n\n - tcp: Do not underestimate rwnd_limited\n (networking-stable-18_12_12).\n\n - tcp: fix a race in inet_diag_dump_icsk()\n (networking-stable-19_01_04).\n\n - tcp: fix NULL ref in tail loss probe\n (networking-stable-18_12_12).\n\n - tcp: lack of available data can also cause TSO defer\n (git-fixes).\n\n - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check\n (bsc#1051510).\n\n - tipc: compare remote and local protocols in\n tipc_udp_enable() (networking-stable-19_01_04).\n\n - tipc: fix a double kfree_skb()\n (networking-stable-19_01_04).\n\n - tipc: use lock_sock() in tipc_sk_reinit()\n (networking-stable-19_01_04).\n\n - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock'\n (bsc#1121973).\n\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc\n present (bsc#1051510).\n\n - tty: Handle problem if line discipline does not have\n receive_buf (bsc#1051510).\n\n - tty/n_hdlc: fix __might_sleep warning (bsc#1051510).\n\n - tty/serial: do not free trasnmit buffer page under port\n lock (bsc#1051510).\n\n - tun: forbid iface creation with rtnl ops\n (networking-stable-18_12_12).\n\n - uart: Fix crash in uart_write and uart_put_char\n (bsc#1051510).\n\n - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70\n RGB (bsc#1120902).\n\n - usb: cdc-acm: send ZLP for Telit 3G Intel based modems\n (bsc#1120902).\n\n - usb: dwc3: gadget: Clear req->needs_extra_trb flag on\n cleanup (bsc#1120902).\n\n - usb: dwc3: trace: add missing break statement to make\n compiler happy (bsc#1120902).\n\n - usbnet: ipheth: fix potential recvmsg bug and recvmsg\n bug 2 (networking-stable-18_12_03).\n\n - usb: serial: option: add Fibocom NL678 series\n (bsc#1120902).\n\n - usb: serial: pl2303: add ids for Hewlett-Packard HP POS\n pole displays (bsc#1120902).\n\n - usb: storage: add quirk for SMI SM3350 (bsc#1120902).\n\n - usb: storage: do not insert sane sense for SPC3+ when\n bad sense specified (bsc#1120902).\n\n - usb: xhci: fix 'broken_suspend' placement in struct\n xchi_hcd (bsc#1119086).\n\n - vfs: Avoid softlockups in drop_pagecache_sb()\n (bsc#1118505).\n\n - vhost: make sure used idx is seen before log in\n vhost_add_used_n() (networking-stable-19_01_04).\n\n - virtio-net: fail XDP set if guest csum is negotiated\n (networking-stable-18_12_03).\n\n - virtio-net: keep vnet header zeroed after processing XDP\n (networking-stable-18_12_12).\n\n - vsock: Send reset control packet when socket is\n partially bound (networking-stable-19_01_04).\n\n - vt: invoke notifier on screen size change (bsc#1051510).\n\n - watchdog: w83627hf_wdt: Add quirk for Inves system\n (bsc#1106434).\n\n - writeback: do not decrement wb->refcnt if !wb->bdi (git\n fixes (writeback)).\n\n - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).\n\n - x86/bugs: Update when to check for the LS_CFG SSBD\n mitigation (bsc#1114279).\n\n - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock\n (bsc#1098382).\n\n - x86/MCE: Initialize mce.bank in the case of a fatal\n error in mce_no_way_out() (bsc#1114279).\n\n - x86/microcode/amd: Do not falsely trick the late loading\n mechanism (bsc#1114279).\n\n - x86/mm: Drop usage of __flush_tlb_all() in\n kernel_physical_mapping_init() (bsc#1114279).\n\n - x86, modpost: Replace last remnants of RETPOLINE with\n CONFIG_RETPOLINE (bsc#1114279).\n\n - x86/pvclock: add setter for pvclock_pvti_cpu0_va\n (bsc#1098382).\n\n - x86/resctrl: Fix rdt_find_domain() return value and\n checks (bsc#1114279).\n\n - x86/speculation: Add RETPOLINE_AMD support to the inline\n asm CALL_NOSPEC variant (bsc#1114279).\n\n - x86/speculation: Remove redundant arch_smt_update()\n invocation (bsc#1114279).\n\n - x86/xen/time: Output xen sched_clock time from 0\n (bsc#1098382).\n\n - x86/xen/time: set pvclock flags on xen_time_init()\n (bsc#1098382).\n\n - x86/xen/time: setup vcpu 0 time info page (bsc#1098382).\n\n - xen: Fix x86 sched_clock() interface for xen\n (bsc#1098382).\n\n - xhci: Add quirk to zero 64bit registers on Renesas PCIe\n controllers (bsc#1120854).\n\n - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC\n (bsc#1119086).\n\n - xprtrdma: Reset credit grant properly after a disconnect\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=802154\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20669\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.48.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:06:18", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub- operations. These sub-operations allow the processor to hand-off address generation logic into these sub- operations for optimized writes. Both of these sub- operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n - Microprocessors use a load port subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPUs pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side- channel. (CVE-2018-12127)\n\n - A flaw was found in the implementation of the fill buffer, a mechanism used by modern CPUs when a cache- miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use- after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service issue or, potentially, gain privileged access to a system. (CVE-2019-6974)\n\n - A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.\n (CVE-2019-7221)\n\n - An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand.\n It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest.\n (CVE-2019-7222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0086_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/127302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0086. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127302);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n \"CVE-2018-12130\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n script_bugtraq_id(107127, 107294, 106963);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0086)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data) sub-\n operations. These sub-operations allow the processor to\n hand-off address generation logic into these sub-\n operations for optimized writes. Both of these sub-\n operations write to a shared distributed processor\n structure called the 'processor store buffer'. As a\n result, an unprivileged attacker could use this flaw to\n read private data resident within the CPU's processor\n store buffer. (CVE-2018-12126)\n\n - Microprocessors use a load port subcomponent to\n perform load operations from memory or IO. During a load\n operation, the load port receives data from the memory\n or IO subsystem and then provides the data to the CPU\n registers and operations in the CPUs pipelines. Stale\n load operations results are stored in the 'load port'\n table until overwritten by newer operations. Certain\n load-port operations triggered by an attacker can be\n used to reveal data about previous stale requests\n leaking data back to the attacker via a timing side-\n channel. (CVE-2018-12127)\n\n - A flaw was found in the implementation of the fill\n buffer, a mechanism used by modern CPUs when a cache-\n miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time can\n be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - A use-after-free vulnerability was found in the way the\n Linux kernel's KVM hypervisor implements its device\n control API. While creating a device via\n kvm_ioctl_create_device(), the device holds a reference\n to a VM object, later this reference is transferred to\n the caller's file descriptor table. If such file\n descriptor was to be closed, reference count to the VM\n object could become zero, potentially leading to a use-\n after-free issue. A user/process could use this flaw to\n crash the guest VM resulting in a denial of service\n issue or, potentially, gain privileged access to a\n system. (CVE-2019-6974)\n\n - A use-after-free vulnerability was found in the way the\n Linux kernel's KVM hypervisor emulates a preemption\n timer for L2 guests when nested (=1) virtualization is\n enabled. This high resolution timer(hrtimer) runs when a\n L2 guest is active. After VM exit, the sync_vmcs12()\n timer object is stopped. The use-after-free occurs if\n the timer object is freed before calling sync_vmcs12()\n routine. A guest user/process could use this flaw to\n crash the host kernel resulting in a denial of service\n or, potentially, gain privileged access to a system.\n (CVE-2019-7221)\n\n - An information leakage issue was found in the way Linux\n kernel's KVM hypervisor handled page fault exceptions\n while emulating instructions like VMXON, VMCLEAR,\n VMPTRLD, and VMWRITE with memory address as an operand.\n It occurs if the operand is a mmio address, as the\n returned exception object holds uninitialized stack\n memory contents. A guest user/process could use this\n flaw to leak host's stack memory contents to a guest.\n (CVE-2019-7222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0086\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6974\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"kernel-rt-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-devel-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-kvm-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-devel-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-doc-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-kvm-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-kvm-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-devel-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-kvm-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\"\n ],\n \"CGSL MAIN 5.05\": [\n \"kernel-rt-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-devel-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-kvm-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-devel-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-doc-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-kvm-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-kvm-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-devel-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-kvm-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-957.12.2.rt56.929.el7.cgslv5_5.2.64.g521d5ca\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T15:47:49", "description": "The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829).\n\nCVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732).\n\nCVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0828-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14633", "CVE-2019-2024", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-9213"], "modified": "2022-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_104-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0828-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123635", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0828-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123635);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2018-14633\",\n \"CVE-2019-2024\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0828-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed\nwhich could lead to crashes. bnc#1129179).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the\nmmap minimum address, which made it easier for attackers to exploit\nkernel NULL pointer dereferences on non-SMAP platforms. This is\nrelated to a capability check for the wrong task (bnc#1128166).\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in the\nLinux kernel in a way an authentication request from an ISCSI\ninitiator is processed. (bnc#1107829).\n\nCVE-2019-7221: The KVM implementation in the Linux kernel had a\nUse-after-Free (bnc#1124732).\n\nCVE-2019-7222: The KVM implementation in the Linux kernel had an\nInformation Leak (bnc#1124735).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c\nmishandled reference counting because of a race condition, which led\nto a use-after-free (bnc#1124728).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14633/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2024/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7222/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9213/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190828-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b6ab111\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-828=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-828=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-828=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-828=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2019-828=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-828=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-828=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_104-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_104-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.104.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-08-09T17:06:44", "description": "This update for ceph fixes the following issues :\n\n - Update to version 12.2.7-420-gc0ef85b854 :\n\n - https://ceph.com/releases/12-2-7-luminous-released/\n\n - luminous: osd: eternal stuck PG in 'unfound_recovery' (bsc#1094932)\n\n - bluestore: db.slow used when db is not full (bsc#1092874)\n\n - CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops (bsc#1099162).\n\n - CVE-2018-1129: cephx signature check bypass (bsc#1096748).\n\n - CVE-2018-1128: cephx protocol was vulnerable to replay attack (bsc#1096748).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}, "published": "2018-08-23T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ceph (SUSE-SU-2018:2478-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10861", "CVE-2018-1128", "CVE-2018-1129"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ceph-common", "p-cpe:/a:novell:suse_linux:ceph-common-debuginfo", "p-cpe:/a:novell:suse_linux:ceph-debugsource", "p-cpe:/a:novell:suse_linux:libcephfs2", "p-cpe:/a:novell:suse_linux:libcephfs2-debuginfo", "p-cpe:/a:novell:suse_linux:librados2", "p-cpe:/a:novell:suse_linux:librados2-debuginfo", "p-cpe:/a:novell:suse_linux:libradosstriper1", "p-cpe:/a:novell:suse_linux:libradosstriper1-debuginfo", "p-cpe:/a:novell:suse_linux:librbd1", "p-cpe:/a:novell:suse_linux:librbd1-debuginfo", "p-cpe:/a:novell:suse_linux:librgw2", "p-cpe:/a:novell:suse_linux:librgw2-debuginfo", "p-cpe:/a:novell:suse_linux:python-cephfs", "p-cpe:/a:novell:suse_linux:python-cephfs-debuginfo", "p-cpe:/a:novell:suse_linux:python-rados", "p-cpe:/a:novell:suse_linux:python-rados-debuginfo", "p-cpe:/a:novell:suse_linux:python-rbd", "p-cpe:/a:novell:suse_linux:python-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:python-rgw", "p-cpe:/a:novell:suse_linux:python-rgw-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2478-1.NASL", "href": "https://www.tenable.com/plugins/nessus/112079", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2478-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112079);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2018-10861\", \"CVE-2018-1128\", \"CVE-2018-1129\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ceph (SUSE-SU-2018:2478-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ceph fixes the following issues :\n\n - Update to version 12.2.7-420-gc0ef85b854 :\n\n - https://ceph.com/releases/12-2-7-luminous-released/\n\n - luminous: osd: eternal stuck PG in 'unfound_recovery'\n (bsc#1094932)\n\n - bluestore: db.slow used when db is not full\n (bsc#1092874)\n\n - CVE-2018-10861: Ensure that ceph-mon does perform\n authorization on all OSD pool ops (bsc#1099162).\n\n - CVE-2018-1129: cephx signature check bypass\n (bsc#1096748).\n\n - CVE-2018-1128: cephx protocol was vulnerable to replay\n attack (bsc#1096748).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://ceph.com/releases/12-2-7-luminous-released/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10861/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1129/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182478-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?454e1918\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1494=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1494=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1494=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ceph-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ceph-common-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ceph-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcephfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libcephfs2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librados2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librados2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libradosstriper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libradosstriper1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librbd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librbd1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librgw2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:librgw2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-cephfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-cephfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-rados\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-rados-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-rgw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-rgw-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ceph-common-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ceph-debugsource-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libcephfs2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librados2-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librados2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libradosstriper1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librbd1-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librbd1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librgw2-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"librgw2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-cephfs-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-rados-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-rados-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-rbd-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-rgw-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ceph-common-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ceph-common-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ceph-debugsource-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcephfs2-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libcephfs2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librados2-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librados2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libradosstriper1-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libradosstriper1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librbd1-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librbd1-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librgw2-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"librgw2-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-cephfs-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-cephfs-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-rados-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-rados-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-rbd-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-rbd-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-rgw-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-rgw-debuginfo-12.2.7+git.1531910353.c0ef85b854-2.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ceph\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-08-09T17:04:07", "description": "An update for ceph is now available for Red Hat Ceph Storage 3.0 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nSecurity Fix(es) :\n\n* ceph: cephx protocol is vulnerable to replay attack (CVE-2018-1128)\n\n* ceph: cephx uses weak signatures (CVE-2018-1129)\n\n* ceph: ceph-mon does not perform authorization on OSD pool ops (CVE-2018-10861)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* Previously, Ceph RADOS Gateway (RGW) instances in zones configured for multi-site replication would crash if configured to disable sync ('rgw_run_sync_thread = false'). Therefor, multi-site replication environments could not start dedicated non-replication RGW instances.\nWith this update, the 'rgw_run_sync_thread' option can be used to configure RGW instances that will not participate in replication even if their zone is replicated. (BZ#1552202)\n\n* Previously, when increasing 'max_mds' from '1' to '2', if the Metadata Server (MDS) daemon was in the starting/resolve state for a long period of time, then restarting the MDS daemon lead to assert.\nThis caused the Ceph File System (CephFS) to be in degraded state.\nWith this update, increasing 'max_mds' no longer causes CephFS to be in degraded state. (BZ#1566016)\n\n* Previously, the transition to containerized Ceph left some 'ceph-disk' unit files. The files were harmless, but appeared as failing. With this update, executing the 'switch-from-non-containerized-to-containerized-ceph-daemons.yml' playbook disables the 'ceph-disk' unit files too. (BZ#1577846)\n\n* Previously, the 'entries_behind_master' metric output from the 'rbd mirror image status' CLI tool did not always reduce to zero under synthetic workloads. This could cause a false alarm that there is an issue with RBD mirroring replications. With this update, the metric is now updated periodically without the need for an explicit I/O flush in the workload. (BZ#1578509)\n\n* Previously, when using the 'pool create' command with 'expected_num_objects', placement group (PG) directories were not pre-created at pool creation time as expected, resulting in performance drops when filestore splitting occurred. With this update, the 'expected_num_objects' parameter is now passed through to filestore correctly, and PG directories for the expected number of objects are pre-created at pool creation time. (BZ#1579039)\n\n* Previously, internal RADOS Gateway (RGW) multi-site sync logic behaved incorrectly when attempting to sync containers with S3 object versioning enabled. Objects in versioning-enabled containers would fail to sync in some scenarios--for example, when using 's3cmd sync' to mirror a filesystem directory. With this update, RGW multi-site replication logic has been corrected for the known failure cases.\n(BZ#1580497)\n\n* When restarting OSD daemons, the 'ceph-ansible' restart script goes through all the daemons by listing the units with systemctl list-units. Under certain circumstances, the output of the command contains extra spaces, which caused parsing and restart to fail. With this update, the underlying code has been changed to handle the extra space.\n\n* Previously, the Ceph RADOS Gateway (RGW) server treated negative byte-range object requests ('bytes=0--1') as invalid. Applications that expect the AWS behavior for negative or other invalid range requests saw unexpected errors and could fail. With this update, a new option 'rgw_ignore_get_invalid_range' has been added to RGW. When 'rgw_ignore_get_invalid_range' is set to 'true', the RGW behavior for invalid range requests is backwards compatible with AWS.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}, "published": "2018-07-18T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10861", "CVE-2018-1128", "CVE-2018-1129"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ceph-ansible", "p-cpe:/a:redhat:enterprise_linux:ceph-base", "p-cpe:/a:redhat:enterprise_linux:ceph-common", "p-cpe:/a:redhat:enterprise_linux:ceph-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ceph-fuse", "p-cpe:/a:redhat:enterprise_linux:ceph-mds", "p-cpe:/a:redhat:enterprise_linux:ceph-radosgw", "p-cpe:/a:redhat:enterprise_linux:ceph-selinux", "p-cpe:/a:redhat:enterprise_linux:cephmetrics", "p-cpe:/a:redhat:enterprise_linux:cephmetrics-ansible", "p-cpe:/a:redhat:enterprise_linux:cephmetrics-collectors", "p-cpe:/a:redhat:enterprise_linux:cephmetrics-grafana-plugins", "p-cpe:/a:redhat:enterprise_linux:libcephfs-devel", "p-cpe:/a:redhat:enterprise_linux:libcephfs2", "p-cpe:/a:redhat:enterprise_linux:librados-devel", "p-cpe:/a:redhat:enterprise_linux:librados2", "p-cpe:/a:redhat:enterprise_linux:libradosstriper1", "p-cpe:/a:redhat:enterprise_linux:librbd-devel", "p-cpe:/a:redhat:enterprise_linux:librbd1", "p-cpe:/a:redhat:enterprise_linux:librgw-devel", "p-cpe:/a:redhat:enterprise_linux:librgw2", "p-cpe:/a:redhat:enterprise_linux:nfs-ganesha", "p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-ceph", "p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-debuginfo", "p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-rgw", "p-cpe:/a:redhat:enterprise_linux:python-cephfs", "p-cpe:/a:redhat:enterprise_linux:python-rados", "p-cpe:/a:redhat:enterprise_linux:python-rbd", "p-cpe:/a:redhat:enterprise_linux:python-rgw", "p-cpe:/a:redhat:enterprise_linux:rbd-mirror", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-2177.NASL", "href": "https://www.tenable.com/plugins/nessus/111145", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2177. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111145);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-10861\", \"CVE-2018-1128\", \"CVE-2018-1129\");\n script_xref(name:\"RHSA\", value:\"2018:2177\");\n\n script_name(english:\"RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for ceph is now available for Red Hat Ceph Storage 3.0 for\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat Ceph Storage is a scalable, open, software-defined storage\nplatform that combines the most stable version of the Ceph storage\nsystem with a Ceph management platform, deployment utilities, and\nsupport services.\n\nSecurity Fix(es) :\n\n* ceph: cephx protocol is vulnerable to replay attack (CVE-2018-1128)\n\n* ceph: cephx uses weak signatures (CVE-2018-1129)\n\n* ceph: ceph-mon does not perform authorization on OSD pool ops\n(CVE-2018-10861)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nBug Fix(es) :\n\n* Previously, Ceph RADOS Gateway (RGW) instances in zones configured\nfor multi-site replication would crash if configured to disable sync\n('rgw_run_sync_thread = false'). Therefor, multi-site replication\nenvironments could not start dedicated non-replication RGW instances.\nWith this update, the 'rgw_run_sync_thread' option can be used to\nconfigure RGW instances that will not participate in replication even\nif their zone is replicated. (BZ#1552202)\n\n* Previously, when increasing 'max_mds' from '1' to '2', if the\nMetadata Server (MDS) daemon was in the starting/resolve state for a\nlong period of time, then restarting the MDS daemon lead to assert.\nThis caused the Ceph File System (CephFS) to be in degraded state.\nWith this update, increasing 'max_mds' no longer causes CephFS to be\nin degraded state. (BZ#1566016)\n\n* Previously, the transition to containerized Ceph left some\n'ceph-disk' unit files. The files were harmless, but appeared as\nfailing. With this update, executing the\n'switch-from-non-containerized-to-containerized-ceph-daemons.yml'\nplaybook disables the 'ceph-disk' unit files too. (BZ#1577846)\n\n* Previously, the 'entries_behind_master' metric output from the 'rbd\nmirror image status' CLI tool did not always reduce to zero under\nsynthetic workloads. This could cause a false alarm that there is an\nissue with RBD mirroring replications. With this update, the metric is\nnow updated periodically without the need for an explicit I/O flush in\nthe workload. (BZ#1578509)\n\n* Previously, when using the 'pool create' command with\n'expected_num_objects', placement group (PG) directories were not\npre-created at pool creation time as expected, resulting in\nperformance drops when filestore splitting occurred. With this update,\nthe 'expected_num_objects' parameter is now passed through to\nfilestore correctly, and PG directories for the expected number of\nobjects are pre-created at pool creation time. (BZ#1579039)\n\n* Previously, internal RADOS Gateway (RGW) multi-site sync logic\nbehaved incorrectly when attempting to sync containers with S3 object\nversioning enabled. Objects in versioning-enabled containers would\nfail to sync in some scenarios--for example, when using 's3cmd sync'\nto mirror a filesystem directory. With this update, RGW multi-site\nreplication logic has been corrected for the known failure cases.\n(BZ#1580497)\n\n* When restarting OSD daemons, the 'ceph-ansible' restart script goes\nthrough all the daemons by listing the units with systemctl\nlist-units. Under certain circumstances, the output of the command\ncontains extra spaces, which caused parsing and restart to fail. With\nthis update, the underlying code has been changed to handle the extra\nspace.\n\n* Previously, the Ceph RADOS Gateway (RGW) server treated negative\nbyte-range object requests ('bytes=0--1') as invalid. Applications\nthat expect the AWS behavior for negative or other invalid range\nrequests saw unexpected errors and could fail. With this update, a new\noption 'rgw_ignore_get_invalid_range' has been added to RGW. When\n'rgw_ignore_get_invalid_range' is set to 'true', the RGW behavior for\ninvalid range requests is backwards compatible with AWS.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-1129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-10861\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ceph-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ceph-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ceph-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ceph-fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ceph-mds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ceph-radosgw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ceph-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cephmetrics\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cephmetrics-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cephmetrics-collectors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cephmetrics-grafana-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcephfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcephfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librados-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librados2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libradosstriper1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librbd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librbd1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librgw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:librgw2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nfs-ganesha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nfs-ganesha-rgw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-cephfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-rados\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-rgw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rbd-mirror\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2177\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"librados2-12.*\\.el7cp\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ceph Storage\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"ceph-ansible-3.0.39-1.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ceph-base-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ceph-common-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ceph-debuginfo-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ceph-fuse-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ceph-mds-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ceph-radosgw-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ceph-selinux-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cephmetrics-1.0.1-1.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cephmetrics-ansible-1.0.1-1.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cephmetrics-collectors-1.0.1-1.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cephmetrics-grafana-plugins-1.0.1-1.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libcephfs-devel-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libcephfs2-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"librados-devel-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"librados2-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libradosstriper1-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"librbd-devel-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"librbd1-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"librgw-devel-12.2.4-30.el7cp\")) flag++;\n if (rpm_check(release:\"RHEL7\&quo
Updated kernel-linus packages fix security vulnerabilities
