DATABASE RESOURCES PRICING ABOUT US

{"id": "AL2_ALAS-2020-1480.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Amazon Linux 2 : kernel (ALAS-2020-1480)", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1480 advisory.\n\n - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error- handling code. (CVE-2017-18232)\n\n - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). (CVE-2018-8043)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. (CVE-2019-19061)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016)\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.\n This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2020-08-26T00:00:00", "modified": "2022-05-12T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/139858", "reporter": "This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19054", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19074", "https://access.redhat.com/security/cve/CVE-2019-19073", "https://access.redhat.com/security/cve/CVE-2017-18232", "https://access.redhat.com/security/cve/CVE-2020-12655", "https://access.redhat.com/security/cve/CVE-2019-19054", "https://access.redhat.com/security/cve/CVE-2019-9445", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10323", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18232", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18808", "https://access.redhat.com/security/cve/CVE-2019-3016", "https://access.redhat.com/security/cve/CVE-2020-10781", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3016", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8043", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19073", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12655", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15393", "https://access.redhat.com/security/cve/CVE-2018-8043", "https://access.redhat.com/security/cve/CVE-2019-19074", "https://alas.aws.amazon.com/AL2/ALAS-2020-1480.html", "https://access.redhat.com/security/cve/CVE-2018-10323", "https://access.redhat.com/security/cve/CVE-2019-19061", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10781", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9445", "https://access.redhat.com/security/cve/CVE-2019-18808", "https://access.redhat.com/security/cve/CVE-2020-15393", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19061"], "cvelist": ["CVE-2017-18232", "CVE-2018-10323", "CVE-2018-8043", "CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19061", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-3016", "CVE-2019-9445", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-15393"], "immutableFields": [], "lastseen": "2023-05-18T15:06:12", "viewCount": 37, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431"]}, {"type": "amazon", "idList": ["ALAS-2018-993", "ALAS2-2020-1480", "ALAS2-2021-1719"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-09-01"]}, {"type": "centos", "idList": ["CESA-2018:3083", "CESA-2020:4060"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:67D855E67C3B3297A83211802F1890CE", "CFOUNDRY:873D4C50CDC37566272A2CA3925ADB7A", "CFOUNDRY:ABBF4BD74406CA92477E7CFB1AD01190", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cve", "idList": ["CVE-2017-18232", "CVE-2018-10323", "CVE-2018-8043", "CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19061", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-3016", "CVE-2019-9445", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-15393", "CVE-2021-3744", "CVE-2021-3764"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2323-1:C146F", "DEBIAN:DLA-2385-1:FDE93", "DEBIAN:DLA-2420-1:692E7", "DEBIAN:DLA-2420-2:175D1", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4187-1:E8170", "DEBIAN:DSA-4188-1:B3909", "DEBIAN:DSA-4188-1:E4177", "DEBIAN:DSA-4699-1:122C4", "DEBIAN:DSA-4699-1:D5D43"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-18232", "DEBIANCVE:CVE-2018-10323", "DEBIANCVE:CVE-2018-8043", "DEBIANCVE:CVE-2019-18808", "DEBIANCVE:CVE-2019-19054", "DEBIANCVE:CVE-2019-19061", "DEBIANCVE:CVE-2019-19073", "DEBIANCVE:CVE-2019-19074", "DEBIANCVE:CVE-2019-3016", "DEBIANCVE:CVE-2019-9445", "DEBIANCVE:CVE-2020-10781", "DEBIANCVE:CVE-2020-12655", "DEBIANCVE:CVE-2020-15393", "DEBIANCVE:CVE-2021-3744", "DEBIANCVE:CVE-2021-3764"]}, {"type": "f5", "idList": ["F5:K14981751", "F5:K43378049", "F5:K92969318"]}, {"type": "fedora", "idList": ["FEDORA:055473124314", "FEDORA:089B7605072B", "FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:122AE604D3F9", "FEDORA:15484608781D", "FEDORA:1C6F16348980", "FEDORA:1CA16613DD7E", "FEDORA:1CAC0608E6F2", "FEDORA:1EFAB60ACFB0", "FEDORA:224AE608F491", "FEDORA:2281662F1093", "FEDORA:250CB6087A80", "FEDORA:25BDD6190ECF", "FEDORA:267796076024", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:3266960F0E44", "FEDORA:371E06040B12", "FEDORA:4002B609954A", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4D5AD601FDAC", "FEDORA:50E6E6087656", "FEDORA:51B856067EB8", "FEDORA:5591D601DA24", "FEDORA:59E3F606D998", "FEDORA:5AA3D60505E7", "FEDORA:5BC786077CC2", "FEDORA:5D742610B071", "FEDORA:5F9DC60BDC80", "FEDORA:621A2609A69C", "FEDORA:628EB603ECD0", "FEDORA:62D0460BC99C", "FEDORA:648496077DD1", "FEDORA:6B39A60C690C", "FEDORA:6B66A6047312", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:7024B6092556", "FEDORA:73C3960CDDB3", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:803AE30C6416", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:8FEA960A4096", "FEDORA:909D360491BF", "FEDORA:9145860769FE", "FEDORA:9289D60560A2", "FEDORA:94BC060A4ECF", "FEDORA:95A686085F81", "FEDORA:975D760A94D0", "FEDORA:9E3D9606D195", "FEDORA:A02E3603EB55", "FEDORA:AAD0A60B6998", "FEDORA:AB52460321C9", "FEDORA:AC7FC600CFCA", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:B7EFE60A96DB", "FEDORA:B87B460876BA", "FEDORA:B96016015F64", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:BF5EC607125E", "FEDORA:C49D061F375F", "FEDORA:C63656040AE1", "FEDORA:C64AE6007F37", "FEDORA:C65F560874BD", "FEDORA:C780262C7ED2", "FEDORA:CB0956087865", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E37FD60924F1", "FEDORA:E6F08605DCE7", "FEDORA:E93AE6077DCD", "FEDORA:EBB026048D2E", "FEDORA:EC9F26076D31"]}, {"type": "ibm", "idList": ["65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "6F75059EBDF719D84C8DC0CA4BAADF9428544BDAFCEEAE62F4225A55CA1E8AF0", "89705B406BC34CFDE34239974351BBFD8507A55179356911F33A32F43F42DBB9", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB", "C6EAD3F3307C853EF572B5AA0C97E7BC9E1E5795E6DA460CC6BFA63F04CB54C5"]}, {"type": "mageia", "idList": ["MGASA-2020-0073", "MGASA-2020-0089", "MGASA-2020-0333"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1719.NASL", "AL2_ALASKERNEL-5_10-2022-007.NASL", "AL2_ALASKERNEL-5_4-2022-009.NASL", "AL2_ALASKERNEL-5_4-2022-014.NASL", "AL2_ALASKERNEL-5_4-2022-027.NASL", "AL2_ALASKERNEL-5_4-2022-029.NASL", "AL2_ALASKERNEL-5_4-2022-031.NASL", "ALA_ALAS-2018-993.NASL", "ALMA_LINUX_ALSA-2020-4431.NASL", "ALMA_LINUX_ALSA-2022-1988.NASL", "CENTOS8_RHSA-2020-1769.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS_RHSA-2018-3083.NASL", "CENTOS_RHSA-2020-4060.NASL", "DEBIAN_DLA-2323.NASL", "DEBIAN_DLA-2385.NASL", "DEBIAN_DLA-2420.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "DEBIAN_DSA-4699.NASL", "DEBIAN_DSA-5096.NASL", "EULEROS_SA-2019-1505.NASL", "EULEROS_SA-2019-1528.NASL", "EULEROS_SA-2019-1537.NASL", "EULEROS_SA-2019-1919.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-1292.NASL", "EULEROS_SA-2020-1342.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1592.NASL", "EULEROS_SA-2020-1606.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1698.NASL", "EULEROS_SA-2020-1807.NASL", "EULEROS_SA-2020-1892.NASL", "EULEROS_SA-2020-1958.NASL", "EULEROS_SA-2020-2150.NASL", "EULEROS_SA-2020-2222.NASL", "EULEROS_SA-2020-2250.NASL", "EULEROS_SA-2020-2353.NASL", "EULEROS_SA-2020-2443.NASL", "EULEROS_SA-2020-2549.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2022-1376.NASL", "EULEROS_SA-2022-1402.NASL", "EULEROS_SA-2022-2566.NASL", "FEDORA_2018-AC3B4C7605.NASL", "FEDORA_2018-BA39FC0E07.NASL", "FEDORA_2018-BF60EC1389.NASL", "FEDORA_2018-CF76003E1F.NASL", "FEDORA_2018-E378863E47.NASL", "FEDORA_2019-021C968423.NASL", "FEDORA_2019-124A241044.NASL", "FEDORA_2019-34A75D7E61.NASL", "FEDORA_2019-B86A7BDBA0.NASL", "FEDORA_2020-5A69DECC0C.NASL", "FEDORA_2020-C6B9FFF7F8.NASL", "FEDORA_2021-79CBBEFEBE.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0169_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "OPENSUSE-2018-377.NASL", "OPENSUSE-2018-762.NASL", "OPENSUSE-2019-2675.NASL", "OPENSUSE-2019-536.NASL", "OPENSUSE-2020-1062.NASL", "OPENSUSE-2020-1153.NASL", "OPENSUSE-2020-1236.NASL", "OPENSUSE-2020-336.NASL", "OPENSUSE-2020-801.NASL", "OPENSUSE-2021-1357.NASL", "OPENSUSE-2021-1365.NASL", "OPENSUSE-2021-242.NASL", "OPENSUSE-2021-3338.NASL", "OPENSUSE-2021-3387.NASL", "OPENSUSE-2021-3447.NASL", "ORACLELINUX_ELSA-2018-3083.NASL", "ORACLELINUX_ELSA-2018-4110.NASL", "ORACLELINUX_ELSA-2018-4114.NASL", "ORACLELINUX_ELSA-2018-4134.NASL", "ORACLELINUX_ELSA-2018-4164.NASL", "ORACLELINUX_ELSA-2018-4304.NASL", "ORACLELINUX_ELSA-2018-4307.NASL", "ORACLELINUX_ELSA-2019-4509.NASL", "ORACLELINUX_ELSA-2020-5526.NASL", "ORACLELINUX_ELSA-2020-5528.NASL", "ORACLELINUX_ELSA-2020-5533.NASL", "ORACLELINUX_ELSA-2020-5755.NASL", "ORACLELINUX_ELSA-2020-5756.NASL", "ORACLELINUX_ELSA-2020-5801.NASL", "ORACLELINUX_ELSA-2020-5802.NASL", "ORACLELINUX_ELSA-2020-5805.NASL", "ORACLELINUX_ELSA-2020-5844.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5848.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5878.NASL", "ORACLELINUX_ELSA-2020-5879.NASL", "ORACLELINUX_ELSA-2020-5881.NASL", "ORACLELINUX_ELSA-2020-5885.NASL", "ORACLELINUX_ELSA-2021-9473.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLEVM_OVMSA-2018-0223.NASL", "ORACLEVM_OVMSA-2018-0231.NASL", "ORACLEVM_OVMSA-2018-0237.NASL", "ORACLEVM_OVMSA-2020-0032.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0035.NASL", "PHOTONOS_PHSA-2018-1_0-0135.NASL", "PHOTONOS_PHSA-2018-1_0-0135_LINUX.NASL", "PHOTONOS_PHSA-2018-1_0-0161.NASL", "PHOTONOS_PHSA-2018-1_0-0161_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0072.NASL", "PHOTONOS_PHSA-2018-2_0-0072_LINUX.NASL", "PHOTONOS_PHSA-2019-3_0-0046_LINUX.NASL", "REDHAT-RHSA-2018-3083.NASL", "REDHAT-RHSA-2018-3096.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2854.NASL", "REDHAT-RHSA-2020-3010.NASL", "REDHAT-RHSA-2020-3016.NASL", "REDHAT-RHSA-2020-3545.NASL", "REDHAT-RHSA-2020-4060.NASL", "REDHAT-RHSA-2020-4062.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "SLACKWARE_SSA_2020-295-01.NASL", "SLACKWARE_SSA_2021-202-01.NASL", "SL_20181030_KERNEL_ON_SL7_X.NASL", "SL_20201001_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2018-1048-1.NASL", "SUSE_SU-2018-1173-1.NASL", "SUSE_SU-2018-1173-2.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3317-1.NASL", "SUSE_SU-2019-3371-1.NASL", "SUSE_SU-2019-3379-1.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0558-1.NASL", "SUSE_SU-2020-0559-1.NASL", "SUSE_SU-2020-0560-1.NASL", "SUSE_SU-2020-0580-1.NASL", "SUSE_SU-2020-0584-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-14354-1.NASL", "SUSE_SU-2020-1587-1.NASL", "SUSE_SU-2020-1599-1.NASL", "SUSE_SU-2020-1602-1.NASL", "SUSE_SU-2020-1603-1.NASL", "SUSE_SU-2020-1605-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-2105-1.NASL", "SUSE_SU-2020-2106-1.NASL", "SUSE_SU-2020-2107-1.NASL", "SUSE_SU-2020-2119-1.NASL", "SUSE_SU-2020-2121-1.NASL", "SUSE_SU-2020-2122-1.NASL", "SUSE_SU-2020-2487-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-3337-1.NASL", "SUSE_SU-2021-3338-1.NASL", "SUSE_SU-2021-3339-1.NASL", "SUSE_SU-2021-3386-1.NASL", "SUSE_SU-2021-3387-1.NASL", "SUSE_SU-2021-3388-1.NASL", "SUSE_SU-2021-3389-1.NASL", "SUSE_SU-2021-3447-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "SUSE_SU-2022-2721-1.NASL", "SUSE_SU-2022-2840-1.NASL", "UBUNTU_USN-3619-1.NASL", "UBUNTU_USN-3619-2.NASL", "UBUNTU_USN-3630-1.NASL", "UBUNTU_USN-3630-2.NASL", "UBUNTU_USN-3632-1.NASL", "UBUNTU_USN-3752-1.NASL", "UBUNTU_USN-3752-2.NASL", "UBUNTU_USN-3752-3.NASL", "UBUNTU_USN-3754-1.NASL", "UBUNTU_USN-4163-1.NASL", "UBUNTU_USN-4208-1.NASL", "UBUNTU_USN-4300-1.NASL", "UBUNTU_USN-4301-1.NASL", "UBUNTU_USN-4463-1.NASL", "UBUNTU_USN-4465-1.NASL", "UBUNTU_USN-4483-1.NASL", "UBUNTU_USN-4485-1.NASL", "UBUNTU_USN-4486-1.NASL", "UBUNTU_USN-4525-1.NASL", "UBUNTU_USN-4526-1.NASL", "UBUNTU_USN-4527-1.NASL", "UBUNTU_USN-4904-1.NASL", "UBUNTU_USN-5140-1.NASL", "UBUNTU_USN-5161-1.NASL", "UBUNTU_USN-5162-1.NASL", "UBUNTU_USN-5163-1.NASL", "UBUNTU_USN-5164-1.NASL", "UBUNTU_USN-5343-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310704699", "OPENVAS:1361412562310843496", "OPENVAS:1361412562310843497", "OPENVAS:1361412562310843509", "OPENVAS:1361412562310843510", "OPENVAS:1361412562310843512", "OPENVAS:1361412562310843624", "OPENVAS:1361412562310843625", "OPENVAS:1361412562310843628", "OPENVAS:1361412562310843630", "OPENVAS:1361412562310844209", "OPENVAS:1361412562310844257", "OPENVAS:1361412562310844362", "OPENVAS:1361412562310844365", "OPENVAS:1361412562310851731", "OPENVAS:1361412562310851987", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310853070", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310874238", "OPENVAS:1361412562310874241", "OPENVAS:1361412562310874290", "OPENVAS:1361412562310874293", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874566", "OPENVAS:1361412562310874597", "OPENVAS:1361412562310874600", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874620", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310874639", "OPENVAS:1361412562310874647", "OPENVAS:1361412562310874675", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874710", "OPENVAS:1361412562310874721", "OPENVAS:1361412562310874731", "OPENVAS:1361412562310874751", "OPENVAS:1361412562310874757", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310874786", "OPENVAS:1361412562310874801", "OPENVAS:1361412562310874813", "OPENVAS:1361412562310874886", "OPENVAS:1361412562310874890", "OPENVAS:1361412562310874908", "OPENVAS:1361412562310874919", "OPENVAS:1361412562310874964", "OPENVAS:1361412562310874965", "OPENVAS:1361412562310874998", "OPENVAS:1361412562310875005", "OPENVAS:1361412562310875066", "OPENVAS:1361412562310875092", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875128", "OPENVAS:1361412562310875131", "OPENVAS:1361412562310875162", "OPENVAS:1361412562310875170", "OPENVAS:1361412562310875189", "OPENVAS:1361412562310875201", "OPENVAS:1361412562310875303", "OPENVAS:1361412562310875330", "OPENVAS:1361412562310875334", "OPENVAS:1361412562310875349", "OPENVAS:1361412562310875369", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310877052", "OPENVAS:1361412562310877058", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877113", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877209", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877479", "OPENVAS:1361412562310877533", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310877541", "OPENVAS:1361412562310877859", "OPENVAS:1361412562310877862", "OPENVAS:1361412562310877884", "OPENVAS:1361412562310877952", "OPENVAS:1361412562310877977", "OPENVAS:1361412562311220191505", "OPENVAS:1361412562311220191528", "OPENVAS:1361412562311220191537", "OPENVAS:1361412562311220191919", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201197", "OPENVAS:1361412562311220201292", "OPENVAS:1361412562311220201342", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201592", "OPENVAS:1361412562311220201606", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562311220201698"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3083", "ELSA-2018-4110", "ELSA-2018-4114", "ELSA-2018-4134", "ELSA-2018-4164", "ELSA-2018-4304", "ELSA-2018-4307", "ELSA-2019-4509", "ELSA-2020-1769", "ELSA-2020-3010", "ELSA-2020-4060", "ELSA-2020-4431", "ELSA-2020-5526", "ELSA-2020-5528", "ELSA-2020-5533", "ELSA-2020-5755", "ELSA-2020-5756", "ELSA-2020-5801", "ELSA-2020-5802", "ELSA-2020-5805", "ELSA-2020-5844", "ELSA-2020-5845", "ELSA-2020-5848", "ELSA-2020-5866", "ELSA-2020-5878", "ELSA-2020-5879", "ELSA-2020-5881", "ELSA-2020-5885", "ELSA-2021-9473", "ELSA-2022-9969"]}, {"type": "osv", "idList": ["OSV:DLA-1529-1", "OSV:DLA-2323-1", "OSV:DLA-2385-1", "OSV:DLA-2420-1", "OSV:DSA-4187-1", "OSV:DSA-4188-1", "OSV:DSA-4699-1"]}, {"type": "photon", "idList": ["PHSA-2018-0044", "PHSA-2018-0072", "PHSA-2018-0135", "PHSA-2018-0161", "PHSA-2018-1.0-0135", "PHSA-2018-1.0-0161", "PHSA-2018-2.0-0072", "PHSA-2019-0046", "PHSA-2019-3.0-0046", "PHSA-2020-0052", "PHSA-2020-0069", "PHSA-2020-0127", "PHSA-2020-0153", "PHSA-2020-0309", "PHSA-2020-1.0-0309", "PHSA-2020-3.0-0052", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0127", "PHSA-2020-3.0-0153", "PHSA-2021-0436", "PHSA-2023-4.0-0318"]}, {"type": "redhat", "idList": ["RHSA-2018:3083", "RHSA-2018:3096", "RHSA-2020:1567", "RHSA-2020:1769", "RHSA-2020:2854", "RHSA-2020:3010", "RHSA-2020:3016", "RHSA-2020:3194", "RHSA-2020:3545", "RHSA-2020:4060", "RHSA-2020:4062", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:5633", "RHSA-2020:5635"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-18232", "RH:CVE-2018-10323", "RH:CVE-2018-8043", "RH:CVE-2019-18808", "RH:CVE-2019-19054", "RH:CVE-2019-19061", "RH:CVE-2019-19073", "RH:CVE-2019-19074", "RH:CVE-2019-3016", "RH:CVE-2019-9445", "RH:CVE-2020-10781", "RH:CVE-2020-12655", "RH:CVE-2020-15393", "RH:CVE-2021-3744", "RH:CVE-2021-3764"]}, {"type": "slackware", "idList": ["SSA-2020-295-01", "SSA-2021-202-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0972-1", "OPENSUSE-SU-2018:2119-1", "OPENSUSE-SU-2019:2675-1", "OPENSUSE-SU-2020:0336-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2020:1062-1", "OPENSUSE-SU-2020:1153-1", "OPENSUSE-SU-2020:1236-1", "OPENSUSE-SU-2021:0242-1", "SUSE-SU-2018:1048-1", "SUSE-SU-2018:1173-1", "SUSE-SU-2018:1217-1"]}, {"type": "symantec", "idList": ["SMNTC-110895"]}, {"type": "ubuntu", "idList": ["LSN-0065-1", "USN-3619-1", "USN-3619-2", "USN-3630-1", "USN-3630-2", "USN-3632-1", "USN-3752-1", "USN-3752-2", "USN-3752-3", "USN-3754-1", "USN-4163-1", "USN-4163-2", "USN-4208-1", "USN-4300-1", "USN-4301-1", "USN-4463-1", "USN-4465-1", "USN-4483-1", "USN-4485-1", "USN-4486-1", "USN-4525-1", "USN-4526-1", "USN-4527-1", "USN-4904-1", "USN-5343-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-18232", "UB:CVE-2018-10323", "UB:CVE-2018-8043", "UB:CVE-2019-18808", "UB:CVE-2019-19054", "UB:CVE-2019-19061", "UB:CVE-2019-19073", "UB:CVE-2019-19074", "UB:CVE-2019-3016", "UB:CVE-2019-9445", "UB:CVE-2020-10781", "UB:CVE-2020-12655", "UB:CVE-2020-15393", "UB:CVE-2021-3744", "UB:CVE-2021-3764"]}, {"type": "veracode", "idList": ["VERACODE:19509", "VERACODE:25177", "VERACODE:25178", "VERACODE:25937", "VERACODE:26831", "VERACODE:26896", "VERACODE:27151", "VERACODE:27228", "VERACODE:27232", "VERACODE:27233", "VERACODE:27781"]}]}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431"]}, {"type": "amazon", "idList": ["ALAS-2018-993"]}, {"type": "centos", "idList": ["CESA-2020:4060"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:67D855E67C3B3297A83211802F1890CE", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cve", "idList": ["CVE-2018-10323", "CVE-2018-8043"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4188-1:E4177"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-18232", "DEBIANCVE:CVE-2018-10323", "DEBIANCVE:CVE-2018-8043", "DEBIANCVE:CVE-2019-18808", "DEBIANCVE:CVE-2019-19054", "DEBIANCVE:CVE-2019-19061", "DEBIANCVE:CVE-2019-19073", "DEBIANCVE:CVE-2019-19074", "DEBIANCVE:CVE-2019-3016", "DEBIANCVE:CVE-2019-9445", "DEBIANCVE:CVE-2020-10781", "DEBIANCVE:CVE-2020-12655", "DEBIANCVE:CVE-2020-15393"]}, {"type": "f5", "idList": ["F5:K43378049", "F5:K92969318"]}, {"type": "fedora", "idList": ["FEDORA:089B7605072B", "FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:122AE604D3F9", "FEDORA:1C6F16348980", "FEDORA:1CA16613DD7E", "FEDORA:1EFAB60ACFB0", "FEDORA:2281662F1093", "FEDORA:250CB6087A80", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:3266960F0E44", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4D5AD601FDAC", "FEDORA:50E6E6087656", "FEDORA:5591D601DA24", "FEDORA:5AA3D60505E7", "FEDORA:5D742610B071", "FEDORA:5F9DC60BDC80", "FEDORA:621A2609A69C", "FEDORA:648496077DD1", "FEDORA:6B39A60C690C", "FEDORA:6B66A6047312", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:7024B6092556", "FEDORA:73C3960CDDB3", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:9145860769FE", "FEDORA:9289D60560A2", "FEDORA:95A686085F81", "FEDORA:975D760A94D0", "FEDORA:9E3D9606D195", "FEDORA:A02E3603EB55", "FEDORA:AB52460321C9", "FEDORA:AC7FC600CFCA", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:B7EFE60A96DB", "FEDORA:B96016015F64", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:C49D061F375F", "FEDORA:C64AE6007F37", "FEDORA:C65F560874BD", "FEDORA:C780262C7ED2", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7", "FEDORA:E93AE6077DCD", "FEDORA:EBB026048D2E"]}, {"type": "ibm", "idList": ["89705B406BC34CFDE34239974351BBFD8507A55179356911F33A32F43F42DBB9", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2018-993.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "FEDORA_2018-BF60EC1389.NASL", "FEDORA_2018-CF76003E1F.NASL", "ORACLELINUX_ELSA-2018-4114.NASL", "ORACLEVM_OVMSA-2018-0223.NASL", "PHOTONOS_PHSA-2019-3_0-0046_LINUX.NASL", "SUSE_SU-2018-1048-1.NASL", "SUSE_SU-2018-1173-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "UBUNTU_USN-3619-2.NASL", "UBUNTU_USN-3630-1.NASL", "UBUNTU_USN-3630-2.NASL", "UBUNTU_USN-3632-1.NASL", "UBUNTU_USN-4904-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310843496", "OPENVAS:1361412562310843497", "OPENVAS:1361412562310843509", "OPENVAS:1361412562310843510", "OPENVAS:1361412562310843512", "OPENVAS:1361412562310851731", "OPENVAS:1361412562310852971", "OPENVAS:1361412562310874238", "OPENVAS:1361412562310874241", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874566", "OPENVAS:1361412562310874597", "OPENVAS:1361412562310874600", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874620", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310877113", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877209"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-4114"]}, {"type": "photon", "idList": ["PHSA-2018-1.0-0135", "PHSA-2018-1.0-0161", "PHSA-2018-2.0-0072", "PHSA-2019-3.0-0046", "PHSA-2020-0288", "PHSA-2020-1.0-0309", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0127", "PHSA-2020-3.0-0153", "PHSA-2021-0399"]}, {"type": "redhat", "idList": ["RHSA-2020:1567"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-10323", "RH:CVE-2019-19061", "RH:CVE-2019-19074", "RH:CVE-2019-9445", "RH:CVE-2020-10781", "RH:CVE-2020-12655", "RH:CVE-2020-15393"]}, {"type": "slackware", "idList": ["SSA-2020-295-01"]}, {"type": "suse", "idList": ["SUSE-SU-2018:1173-1"]}, {"type": "symantec", "idList": ["SMNTC-110895"]}, {"type": "ubuntu", "idList": ["USN-3619-1", "USN-3619-2", "USN-3630-1", "USN-3630-2", "USN-3632-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-18808", "UB:CVE-2019-19054", "UB:CVE-2019-19061", "UB:CVE-2019-19073", "UB:CVE-2019-19074", "UB:CVE-2019-3016", "UB:CVE-2019-9445", "UB:CVE-2020-10781", "UB:CVE-2020-12655", "UB:CVE-2020-15393"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-18232", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2018-10323", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2018-8043", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2019-18808", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}, {"cve": "CVE-2019-19054", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}, {"cve": "CVE-2019-19061", "epss": 0.003, "percentile": 0.64944, "modified": "2023-05-07"}, {"cve": "CVE-2019-19073", "epss": 0.00158, "percentile": 0.50895, "modified": "2023-05-07"}, {"cve": "CVE-2019-19074", "epss": 0.02751, "percentile": 0.89017, "modified": "2023-05-07"}, {"cve": "CVE-2019-3016", "epss": 0.0005, "percentile": 0.16969, "modified": "2023-05-07"}, {"cve": "CVE-2019-9445", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-10781", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-12655", "epss": 0.00046, "percentile": 0.14002, "modified": "2023-05-07"}, {"cve": "CVE-2020-15393", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}], "vulnersScore": -0.2}, "_state": {"dependencies": 1684442002, "score": 1698840310, "epss": 0}, "_internal": {"score_hash": "157551213e75e117474fb99b250b8f0d"}, "pluginID": "139858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1480.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139858);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2017-18232\",\n \"CVE-2018-8043\",\n \"CVE-2018-10323\",\n \"CVE-2019-3016\",\n \"CVE-2019-9445\",\n \"CVE-2019-18808\",\n \"CVE-2019-19054\",\n \"CVE-2019-19061\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2020-10781\",\n \"CVE-2020-12655\",\n \"CVE-2020-15393\"\n );\n script_bugtraq_id(103354, 103423);\n script_xref(name:\"ALAS\", value:\"2020-1480\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2020-1480)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1480 advisory.\n\n - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within\n libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-\n handling code. (CVE-2017-18232)\n\n - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8\n does not validate certain resource availability, which allows local users to cause a denial of service\n (NULL pointer dereference). (CVE-2018-8043)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux\n kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka\n CID-9c0530e898f3. (CVE-2019-19061)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory\n locations from another process in the same guest. This problem is limit to the host running linux kernel\n 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel\n CPUs cannot be ruled out. (CVE-2019-3016)\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.\n This could lead to local information disclosure with system execution privileges needed. User interaction\n is not needed for exploitation. (CVE-2019-9445)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767. (CVE-2020-12655)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka\n CID-28ebeb8db770. (CVE-2020-15393)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1480.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-8043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15393\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9445\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-3016\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.192-147.314\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2017-18232\", \"CVE-2018-8043\", \"CVE-2018-10323\", \"CVE-2019-3016\", \"CVE-2019-9445\", \"CVE-2019-18808\", \"CVE-2019-19054\", \"CVE-2019-19061\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2020-10781\", \"CVE-2020-12655\", \"CVE-2020-15393\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1480\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.192-147.314.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-livepatch-4.14.192-147.314-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.192-147.314", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "solution": "Run 'yum update kernel' to update your system.", "nessusSeverity": "Low", "cvssScoreSource": "CVE-2019-9445", "vendor_cvss2": {"score": 2.1, "vector": "CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "vendor_cvss3": {"score": 4.7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-08-18T00:00:00", "vulnerabilityPublicationDate": "2018-03-10T00:00:00", "exploitableWith": []}

{"amazon": [{"lastseen": "2023-12-06T21:53:21", "description": "**Issue Overview:**\n\nA memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. (CVE-2019-19061)\n\nA memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. (CVE-2019-19074)\n\nIn the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445)\n\nA memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\nIn a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016)\n\nThe unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). (CVE-2018-8043)\n\nIn the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. ( CVE-2020-15393 )\n\nA memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. (CVE-2019-18808)\n\nThe xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. (CVE-2018-10323)\n\nAn issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\nMemory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232)\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232)\n\nA flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. (CVE-2020-10781)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 kernel-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-aarch64-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 perf-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 python-perf-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 python-perf-debuginfo-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.192-147.314.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 kernel-headers-4.14.192-147.314.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.14.192-147.314.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 perf-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 python-perf-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 python-perf-debuginfo-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-livepatch-4.14.192-147.314-1.0-0.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2017-18232](<https://access.redhat.com/security/cve/CVE-2017-18232>), [CVE-2018-10323](<https://access.redhat.com/security/cve/CVE-2018-10323>), [CVE-2018-8043](<https://access.redhat.com/security/cve/CVE-2018-8043>), [CVE-2019-18808](<https://access.redhat.com/security/cve/CVE-2019-18808>), [CVE-2019-19054](<https://access.redhat.com/security/cve/CVE-2019-19054>), [CVE-2019-19061](<https://access.redhat.com/security/cve/CVE-2019-19061>), [CVE-2019-19073](<https://access.redhat.com/security/cve/CVE-2019-19073>), [CVE-2019-19074](<https://access.redhat.com/security/cve/CVE-2019-19074>), [CVE-2019-3016](<https://access.redhat.com/security/cve/CVE-2019-3016>), [CVE-2019-9445](<https://access.redhat.com/security/cve/CVE-2019-9445>), [CVE-2020-10781](<https://access.redhat.com/security/cve/CVE-2020-10781>), [CVE-2020-12655](<https://access.redhat.com/security/cve/CVE-2020-12655>), [CVE-2020-15393](<https://access.redhat.com/security/cve/CVE-2020-15393>)\n\nMitre: [CVE-2017-18232](<https://vulners.com/cve/CVE-2017-18232>), [CVE-2018-10323](<https://vulners.com/cve/CVE-2018-10323>), [CVE-2018-8043](<https://vulners.com/cve/CVE-2018-8043>), [CVE-2019-18808](<https://vulners.com/cve/CVE-2019-18808>), [CVE-2019-19054](<https://vulners.com/cve/CVE-2019-19054>), [CVE-2019-19061](<https://vulners.com/cve/CVE-2019-19061>), [CVE-2019-19073](<https://vulners.com/cve/CVE-2019-19073>), [CVE-2019-19074](<https://vulners.com/cve/CVE-2019-19074>), [CVE-2019-3016](<https://vulners.com/cve/CVE-2019-3016>), [CVE-2019-9445](<https://vulners.com/cve/CVE-2019-9445>), [CVE-2020-10781](<https://vulners.com/cve/CVE-2020-10781>), [CVE-2020-12655](<https://vulners.com/cve/CVE-2020-12655>), [CVE-2020-15393](<https://vulners.com/cve/CVE-2020-15393>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-18T20:29:00", "type": "amazon", "title": "Important: kernel", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323", "CVE-2018-8043", "CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19061", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-3016", "CVE-2019-9445", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-15393"], "modified": "2020-08-24T23:58:00", "id": "ALAS2-2020-1480", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1480.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T20:46:50", "description": "**Issue Overview:**\n\nMissing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service: \nAn error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. (CVE-2018-5803)\n\nMishandling mutex within libsas allowing local Denial of Service \nThe Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232)\n\nA flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted.(CVE-2018-1066)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-i686-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-devel-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-headers-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.9.93-41.60.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 kernel-doc-4.9.93-41.60.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.9.93-41.60.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 perf-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.9.93-41.60.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2017-18232](<https://access.redhat.com/security/cve/CVE-2017-18232>), [CVE-2018-1066](<https://access.redhat.com/security/cve/CVE-2018-1066>), [CVE-2018-5803](<https://access.redhat.com/security/cve/CVE-2018-5803>)\n\nMitre: [CVE-2017-18232](<https://vulners.com/cve/CVE-2017-18232>), [CVE-2018-1066](<https://vulners.com/cve/CVE-2018-1066>), [CVE-2018-5803](<https://vulners.com/cve/CVE-2018-5803>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-19T04:44:00", "type": "amazon", "title": "Medium: kernel", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-1066", "CVE-2018-5803"], "modified": "2018-05-10T23:20:00", "id": "ALAS-2018-993", "href": "https://alas.aws.amazon.com/ALAS-2018-993.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cloudfoundry": [{"lastseen": "2023-12-06T16:31:46", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nIt was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808)\n\nIt was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19061)\n\nIt was discovered that the AMD Audio Coprocessor driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19073, CVE-2019-19074)\n\nIt was discovered that the F2FS file system in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of- bounds read. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-9445)\n\nIt was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888)\n\nIt was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356)\n\nIt was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to expose sensitive information. (CVE-2020-16166)\n\nCVEs contained in this USN include: CVE-2019-19061, CVE-2019-19067, CVE-2020-14356, CVE-2019-18808, CVE-2019-19054, CVE-2020-12888, CVE-2020-16166, CVE-2019-19073, CVE-2019-19074, CVE-2019-9445.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Xenial Stemcells \n * 250.x versions prior to 250.207\n * 315.x versions prior to 315.194\n * 456.x versions prior to 456.121\n * 621.x versions prior to 621.85\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 250.x versions to 250.207 or greater\n * Upgrade 315.x versions to 315.194 or greater\n * Upgrade 456.x versions to 456.121 or greater\n * Upgrade 621.x versions to 621.85 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4526-1/>)\n * [CVE-2019-19061](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19061>)\n * [CVE-2019-19067](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19067>)\n * [CVE-2020-14356](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14356>)\n * [CVE-2019-18808](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18808>)\n * [CVE-2019-19054](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19054>)\n * [CVE-2020-12888](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12888>)\n * [CVE-2020-16166](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-16166>)\n * [CVE-2019-19073](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19073>)\n * [CVE-2019-19074](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19074>)\n * [CVE-2019-9445](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9445>)\n\n## History\n\n2020-11-20: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-19T00:00:00", "type": "cloudfoundry", "title": "USN-4526-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19061", "CVE-2019-19067", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-9445", "CVE-2020-12888", "CVE-2020-14356", "CVE-2020-16166"], "modified": "2020-11-19T00:00:00", "id": "CFOUNDRY:ABBF4BD74406CA92477E7CFB1AD01190", "href": "https://www.cloudfoundry.org/blog/usn-4526-1/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-10-27T15:00:35", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4526-1 advisory.\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.\n This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. (CVE-2019-19061)\n\n - ** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading. (CVE-2019-19067)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4526-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19061", "CVE-2019-19067", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-9445", "CVE-2020-12888", "CVE-2020-14356", "CVE-2020-16166"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1054-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1070-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1071-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1075-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1083-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1084-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1087-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1096-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-lowlatency"], "id": "UBUNTU_USN-4526-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140722", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4526-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140722);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2019-9445\",\n \"CVE-2019-18808\",\n \"CVE-2019-19054\",\n \"CVE-2019-19061\",\n \"CVE-2019-19067\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2020-12888\",\n \"CVE-2020-14356\",\n \"CVE-2020-16166\"\n );\n script_xref(name:\"USN\", value:\"4526-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4526-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4526-1 advisory.\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.\n This could lead to local information disclosure with system execution privileges needed. User interaction\n is not needed for exploitation. (CVE-2019-9445)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux\n kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka\n CID-9c0530e898f3. (CVE-2019-19061)\n\n - ** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c\n in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by\n triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third\n parties dispute the relevance of this because the attacker must already have privileges for module\n loading. (CVE-2019-19067)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found\n in the way when reboot the system. A local user could use this flaw to crash the system or escalate their\n privileges on the system. (CVE-2020-14356)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive\n information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4526-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14356\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1054-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1070-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1071-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1075-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1083-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1084-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1087-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1096-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-118-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-118',\n 'generic-lpae': '4.15.0-118',\n 'lowlatency': '4.15.0-118',\n 'oracle': '4.15.0-1054',\n 'aws': '4.15.0-1083',\n 'gcp': '4.15.0-1084',\n 'azure': '4.15.0-1096'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-118',\n 'generic-lpae': '4.15.0-118',\n 'lowlatency': '4.15.0-118',\n 'oracle': '4.15.0-1054',\n 'gke': '4.15.0-1070',\n 'raspi2': '4.15.0-1071',\n 'kvm': '4.15.0-1075',\n 'aws': '4.15.0-1083',\n 'gcp': '4.15.0-1084',\n 'snapdragon': '4.15.0-1087',\n 'azure': '4.15.0-1096',\n 'oem': '4.15.0-1097'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4526-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2019-9445', 'CVE-2019-18808', 'CVE-2019-19054', 'CVE-2019-19061', 'CVE-2019-19067', 'CVE-2019-19073', 'CVE-2019-19074', 'CVE-2020-12888', 'CVE-2020-14356', 'CVE-2020-16166');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4526-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T14:57:06", "description": "The version of kernel installed on the remote host is prior to 5.4.58-27.104. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-014 advisory.\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. (CVE-2020-10781)\n\n - ** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug. (CVE-2020-12656)\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-014)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2019-19054", "CVE-2020-10781", "CVE-2020-12656", "CVE-2020-15393", "CVE-2020-16166"], "modified": "2023-09-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-014.NASL", "href": "https://www.tenable.com/plugins/nessus/160431", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-014.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160431);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2019-18808\",\n \"CVE-2019-19054\",\n \"CVE-2020-10781\",\n \"CVE-2020-12656\",\n \"CVE-2020-15393\",\n \"CVE-2020-16166\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-014)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.58-27.104. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-014 advisory.\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local\n account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in\n the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the\n creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large\n amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random\n userspace processes, possibly making the system inoperable. (CVE-2020-10781)\n\n - ** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5\n implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory\n leak. Note: This was disputed with the assertion that the issue does not grant any access not already\n available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading\n kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of\n memory they like and load that replicating the effect of this bug. (CVE-2020-12656)\n\n - In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak,\n aka CID-28ebeb8db770. (CVE-2020-15393)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive\n information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-014.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2019-18808.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2019-19054.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10781.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-12656.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-15393.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-16166.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2019-18808\", \"CVE-2019-19054\", \"CVE-2020-10781\", \"CVE-2020-12656\", \"CVE-2020-15393\", \"CVE-2020-16166\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-014\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.58-27.104.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.58-27.104.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.58-27.104.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:37", "description": "An update of 'linux', 'linux-esx' packages of Photon OS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0161 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0161.NASL", "href": "https://www.tenable.com/plugins/nessus/111943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0161. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111943);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2018-10323\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0161 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'linux', 'linux-esx' packages of Photon OS has been\nreleased.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-161\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f3300528\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10323\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.139-2.ph1\",\n \"linux-debuginfo-4.4.139-2.ph1\",\n \"linux-dev-4.4.139-2.ph1\",\n \"linux-docs-4.4.139-2.ph1\",\n \"linux-drivers-gpu-4.4.139-2.ph1\",\n \"linux-esx-4.4.139-2.ph1\",\n \"linux-esx-debuginfo-4.4.139-2.ph1\",\n \"linux-esx-devel-4.4.139-2.ph1\",\n \"linux-esx-docs-4.4.139-2.ph1\",\n \"linux-oprofile-4.4.139-2.ph1\",\n \"linux-sound-4.4.139-2.ph1\",\n \"linux-tools-4.4.139-2.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T14:59:50", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4527-1 advisory.\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.\n This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445)\n\n - In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9453)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.\n (CVE-2019-20811)\n\n - In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID:\n A-120551147. (CVE-2020-0067)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4527-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19054", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-20811", "CVE-2019-9445", "CVE-2019-9453", "CVE-2020-0067", "CVE-2020-25212"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1080-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1114-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1139-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1143-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc64-smp"], "id": "UBUNTU_USN-4527-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4527-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140724);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2019-9445\",\n \"CVE-2019-9453\",\n \"CVE-2019-19054\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-20811\",\n \"CVE-2020-0067\",\n \"CVE-2020-25212\"\n );\n script_xref(name:\"USN\", value:\"4527-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4527-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4527-1 advisory.\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.\n This could lead to local information disclosure with system execution privileges needed. User interaction\n is not needed for exploitation. (CVE-2019-9445)\n\n - In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input\n validation. This could lead to local information disclosure with system execution privileges needed. User\n interaction is not needed for exploitation. (CVE-2019-9453)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and\n netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.\n (CVE-2019-20811)\n\n - In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure with System execution privileges needed. User\n interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID:\n A-120551147. (CVE-2020-0067)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4527-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25212\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1080-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1114-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1139-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1143-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-190-powerpc64-smp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-190',\n 'generic-lpae': '4.4.0-190',\n 'lowlatency': '4.4.0-190',\n 'powerpc-e500mc': '4.4.0-190',\n 'powerpc-smp': '4.4.0-190',\n 'powerpc64-emb': '4.4.0-190',\n 'powerpc64-smp': '4.4.0-190',\n 'kvm': '4.4.0-1080',\n 'aws': '4.4.0-1114',\n 'raspi2': '4.4.0-1139',\n 'snapdragon': '4.4.0-1143'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4527-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2019-9445', 'CVE-2019-9453', 'CVE-2019-19054', 'CVE-2019-19073', 'CVE-2019-19074', 'CVE-2019-20811', 'CVE-2020-0067', 'CVE-2020-25212');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4527-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:34", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0161", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0161_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121857", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0161. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121857);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2018-10323\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0161\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-161.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10323\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.139-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:29:24", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2018-2.0-0072", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232", "CVE-2017-18249", "CVE-2018-10323"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0072_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121966", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0072. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121966);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2017-18249\", \"CVE-2018-10323\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2018-2.0-0072\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-72.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18249\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-tools-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.111-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:39:38", "description": "An update of 'linux-aws', 'linux', 'linux-esx', 'linux-secure' packages of Photon OS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2018-2.0-0072 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232", "CVE-2017-18249", "CVE-2018-10323"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0072.NASL", "href": "https://www.tenable.com/plugins/nessus/111956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0072. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111956);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:51\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2017-18249\", \"CVE-2018-10323\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2018-2.0-0072 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'linux-aws', 'linux', 'linux-esx', 'linux-secure'\npackages of Photon OS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-72\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80c5dd65\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10323\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.9.111-3.ph2\",\n \"linux-aws-4.9.111-3.ph2\",\n \"linux-aws-debuginfo-4.9.111-3.ph2\",\n \"linux-aws-devel-4.9.111-3.ph2\",\n \"linux-aws-docs-4.9.111-3.ph2\",\n \"linux-aws-drivers-gpu-4.9.111-3.ph2\",\n \"linux-aws-oprofile-4.9.111-3.ph2\",\n \"linux-aws-sound-4.9.111-3.ph2\",\n \"linux-aws-tools-4.9.111-3.ph2\",\n \"linux-debuginfo-4.9.111-3.ph2\",\n \"linux-devel-4.9.111-3.ph2\",\n \"linux-docs-4.9.111-3.ph2\",\n \"linux-drivers-gpu-4.9.111-3.ph2\",\n \"linux-esx-4.9.111-2.ph2\",\n \"linux-esx-debuginfo-4.9.111-2.ph2\",\n \"linux-esx-devel-4.9.111-2.ph2\",\n \"linux-esx-docs-4.9.111-2.ph2\",\n \"linux-oprofile-4.9.111-3.ph2\",\n \"linux-secure-4.9.111-2.ph2\",\n \"linux-secure-debuginfo-4.9.111-2.ph2\",\n \"linux-secure-devel-4.9.111-2.ph2\",\n \"linux-secure-docs-4.9.111-2.ph2\",\n \"linux-secure-lkcm-4.9.111-2.ph2\",\n \"linux-sound-4.9.111-3.ph2\",\n \"linux-tools-4.9.111-3.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:33:26", "description": "It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-19T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4465-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12655", "CVE-2020-12771", "CVE-2020-15393", "CVE-2020-24394"], "modified": "2023-10-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1033-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1033-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1035-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-65-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-65-lowlatency", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4465-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4465-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139693);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2020-12655\",\n \"CVE-2020-12771\",\n \"CVE-2020-15393\",\n \"CVE-2020-24394\"\n );\n script_xref(name:\"USN\", value:\"4465-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4465-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the XFS file system implementation in the Linux\nkernel did not properly validate meta data in some circumstances. An\nattacker could use this to construct a malicious XFS image that, when\nmounted, could cause a denial of service. (CVE-2020-12655) It was\ndiscovered that the bcache subsystem in the Linux kernel did not\nproperly release a lock in some error conditions. A local attacker\ncould possibly use this to cause a denial of service. (CVE-2020-12771)\nKyungtae Kim discovered that the USB testing driver in the Linux\nkernel did not properly deallocate memory on disconnect events. A\nphysically proximate attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2020-15393).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4465-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-24394\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1033-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1033-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1035-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-65-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-65-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.3.0': {\n 'generic': '5.3.0-65',\n 'lowlatency': '5.3.0-65',\n 'aws': '5.3.0-1033',\n 'gke': '5.3.0-1033',\n 'azure': '5.3.0-1035'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4465-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-12655', 'CVE-2020-12771', 'CVE-2020-15393', 'CVE-2020-24394');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4465-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:45:17", "description": "New kernel packages are available for Slackware 14.2 to fix security issues.", "cvss3": {}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10323", "CVE-2018-13094", "CVE-2018-8043", "CVE-2019-19054", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19448", "CVE-2019-20810", "CVE-2019-9445", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-12771", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14390", "CVE-2020-15393", "CVE-2020-16166", "CVE-2020-24490", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2020-295-01.NASL", "href": "https://www.tenable.com/plugins/nessus/141789", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-295-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141789);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2018-8043\",\n \"CVE-2018-10323\",\n \"CVE-2018-13094\",\n \"CVE-2019-9445\",\n \"CVE-2019-19054\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19448\",\n \"CVE-2019-20810\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-12771\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14390\",\n \"CVE-2020-15393\",\n \"CVE-2020-16166\",\n \"CVE-2020-24490\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-26088\"\n );\n script_xref(name:\"SSA\", value:\"2020-295-01\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"New kernel packages are available for Slackware 14.2 to fix security\nissues.\");\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.780685\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c92df204\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.240\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.240_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.240_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.240\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.240_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.240\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.240_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.240_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.240\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.240\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.240\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.240\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.240\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:00:36", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4525-1 advisory.\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4525-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2019-19054", "CVE-2020-12888", "CVE-2020-16166", "CVE-2020-25212"], "modified": "2023-10-21T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1019-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1024-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1025-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1025-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1025-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1026-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-48-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-48-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-48-lowlatency"], "id": "UBUNTU_USN-4525-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4525-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140723);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\n \"CVE-2019-18808\",\n \"CVE-2019-19054\",\n \"CVE-2020-12888\",\n \"CVE-2020-16166\",\n \"CVE-2020-25212\"\n );\n script_xref(name:\"USN\", value:\"4525-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4525-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4525-1 advisory.\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive\n information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4525-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25212\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1019-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1024-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1025-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1025-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1025-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1026-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-48-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-48-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-48-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-48',\n 'generic-lpae': '5.4.0-48',\n 'lowlatency': '5.4.0-48',\n 'raspi': '5.4.0-1019',\n 'aws': '5.4.0-1025',\n 'gcp': '5.4.0-1025',\n 'oracle': '5.4.0-1025',\n 'azure': '5.4.0-1026'\n }\n },\n '20.04': {\n '5.4.0': {\n 'generic': '5.4.0-48',\n 'generic-lpae': '5.4.0-48',\n 'lowlatency': '5.4.0-48',\n 'raspi': '5.4.0-1019',\n 'kvm': '5.4.0-1024',\n 'aws': '5.4.0-1025',\n 'gcp': '5.4.0-1025',\n 'oracle': '5.4.0-1025',\n 'azure': '5.4.0-1026'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4525-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2019-18808', 'CVE-2019-19054', 'CVE-2020-12888', 'CVE-2020-16166', 'CVE-2020-25212');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4525-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:15:36", "description": "Incremental update to fix kernel-devel issues.\n\n----\n\nThe 4.15.12 update contains numerous fixes across the tree.\n\n----\n\nThe 4.15.11 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-28T00:00:00", "type": "nessus", "title": "Fedora 27 : kernel (2018-e378863e47)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-E378863E47.NASL", "href": "https://www.tenable.com/plugins/nessus/108677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-e378863e47.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108677);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-18232\");\n script_xref(name:\"FEDORA\", value:\"2018-e378863e47\");\n\n script_name(english:\"Fedora 27 : kernel (2018-e378863e47)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Incremental update to fix kernel-devel issues.\n\n----\n\nThe 4.15.12 update contains numerous fixes across the tree.\n\n----\n\nThe 4.15.11 update contains a number of important fixes across the\ntree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e378863e47\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18232\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-e378863e47\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.15.12-301.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:41:30", "description": "Incremental update to fix kernel-devel issues.\n\n----\n\nThe 4.15.12 update contains a variety of fixes across the tree.\n\n----\n\nThe 4.15.11 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-28T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2018-ba39fc0e07)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-BA39FC0E07.NASL", "href": "https://www.tenable.com/plugins/nessus/108673", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-ba39fc0e07.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108673);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-18232\");\n script_xref(name:\"FEDORA\", value:\"2018-ba39fc0e07\");\n\n script_name(english:\"Fedora 26 : kernel (2018-ba39fc0e07)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Incremental update to fix kernel-devel issues.\n\n----\n\nThe 4.15.12 update contains a variety of fixes across the tree.\n\n----\n\nThe 4.15.11 update contains a number of important fixes across the\ntree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ba39fc0e07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18232\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-ba39fc0e07\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.15.12-201.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:06", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2020-01-18T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Linux PHSA-2019-3.0-0046", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19062", "CVE-2019-19066", "CVE-2019-19072", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19078"], "modified": "2020-01-20T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0046_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/133061", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0046. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133061);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/20\");\n\n script_cve_id(\n \"CVE-2019-19062\",\n \"CVE-2019-19066\",\n \"CVE-2019-19072\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19078\"\n );\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2019-3.0-0046\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-46.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_exists(rpm:\"linux-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"src\", reference:\"linux-4.19.87-1.ph3.src\")) flag++;\nif (rpm_exists(rpm:\"linux-api-headers-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-api-headers-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-api-headers-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"src\", reference:\"linux-api-headers-4.19.87-1.ph3.src\")) flag++;\nif (rpm_exists(rpm:\"linux-aws-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-aws-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"src\", reference:\"linux-aws-4.19.87-1.ph3.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-debuginfo-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-devel-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-docs-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-drivers-gpu-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-hmacgen-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-oprofile-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-aws-sound-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-debuginfo-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-debuginfo-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-debuginfo-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-debuginfo-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-devel-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-devel-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-devel-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-devel-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-docs-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-docs-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-docs-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-docs-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-drivers-gpu-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-drivers-gpu-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-drivers-gpu-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-drivers-sound-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-drivers-sound-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-drivers-sound-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-drivers-sound-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-dtb-ls1012afrwy-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-dtb-rpi3-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-esx-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-esx-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"src\", reference:\"linux-esx-4.19.87-1.ph3.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-debuginfo-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-esx-hmacgen-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-hmacgen-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-hmacgen-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-hmacgen-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-hmacgen-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-secure-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-secure-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"src\", reference:\"linux-secure-4.19.87-1.ph3.src\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-debuginfo-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-devel-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-docs-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-hmacgen-4.19.87-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-secure-lkcm-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-tools-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"aarch64\", reference:\"linux-tools-4.19.87-1.ph3\")) flag++;\nif (rpm_exists(rpm:\"linux-tools-4.19\", release:\"PhotonOS-3.0\") && rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"linux-tools-4.19.87-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:00:34", "description": "Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerability (USN-4486-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10323"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1079-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1113-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1138-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1142-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-4486-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4486-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140184);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2018-10323\");\n script_xref(name:\"USN\", value:\"4486-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerability (USN-4486-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Wen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly validate meta-data information. An attacker\ncould use this to construct a malicious xfs image that, when mounted,\ncould cause a denial of service (system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4486-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10323\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1079-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1113-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1138-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1142-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-189-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-189',\n 'generic-lpae': '4.4.0-189',\n 'lowlatency': '4.4.0-189',\n 'powerpc-e500mc': '4.4.0-189',\n 'powerpc-smp': '4.4.0-189',\n 'powerpc64-emb': '4.4.0-189',\n 'powerpc64-smp': '4.4.0-189',\n 'kvm': '4.4.0-1079',\n 'aws': '4.4.0-1113',\n 'raspi2': '4.4.0-1138',\n 'snapdragon': '4.4.0-1142'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4486-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2018-10323');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4486-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:43:48", "description": "It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-04-24T00:00:00", "type": "nessus", "title": "Ubuntu 17.10 : Linux kernel vulnerability (USN-3630-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8043"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109312", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3630-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109312);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-8043\");\n script_xref(name:\"USN\", value:\"3630-1\");\n\n script_name(english:\"Ubuntu 17.10 : Linux kernel vulnerability (USN-3630-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Broadcom UniMAC MDIO bus controller driver\nin the Linux kernel did not properly validate device resources. A\nlocal attacker could use this to cause a denial of service (system\ncrash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3630-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-8043\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3630-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-1017-raspi2\", pkgver:\"4.13.0-1017.18\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-39-generic\", pkgver:\"4.13.0-39.44\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-39-generic-lpae\", pkgver:\"4.13.0-39.44\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-39-lowlatency\", pkgver:\"4.13.0-39.44\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic\", pkgver:\"4.13.0.39.42\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.13.0.39.42\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.13.0.39.42\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.13.0.1017.15\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-generic / linux-image-4.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:42:08", "description": "USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-04-24T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerability (USN-3630-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8043"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-1013-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-1024-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-39-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-39-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-39-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-3630-2.NASL", "href": "https://www.tenable.com/plugins/nessus/109313", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3630-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109313);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2018-8043\");\n script_xref(name:\"USN\", value:\"3630-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerability (USN-3630-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver\nin the Linux kernel did not properly validate device resources. A\nlocal attacker could use this to cause a denial of service (system\ncrash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3630-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-1013-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-1024-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-39-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-39-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13.0-39-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.13.0': {\n 'generic': '4.13.0-39',\n 'generic-lpae': '4.13.0-39',\n 'lowlatency': '4.13.0-39',\n 'gcp': '4.13.0-1013',\n 'oem': '4.13.0-1024'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3630-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2018-8043');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3630-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:38", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5802 advisory.\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5802)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19054", "CVE-2019-19062"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.48.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.48.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5802.NASL", "href": "https://www.tenable.com/plugins/nessus/139541", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5802.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139541);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2019-19054\", \"CVE-2019-19062\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5802)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5802 advisory.\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n crypto_report_alg() failures, aka CID-ffdde5932042. (CVE-2019-19062)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5802.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19062\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.48.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.48.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.48.1.el6uek', '3.8.13-118.48.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5802');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.48.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.48.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.48.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.48.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.48.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.48.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.48.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.48.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.48.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.48.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.48.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.48.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.48.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.48.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.48.1.el6uek / dtrace-modules-3.8.13-118.48.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:00:36", "description": "Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges.\n(CVE-2020-10757) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2020-10781) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2020-14356) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393) It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity. (CVE-2020-24394) It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion).\n(CVE-2020-12656).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-02T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4483-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20810", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-12656", "CVE-2020-12771", "CVE-2020-13974", "CVE-2020-14356", "CVE-2020-15393", "CVE-2020-24394"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1016-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1022-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1022-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1022-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-45-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-45-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-45-lowlatency", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts"], "id": "UBUNTU_USN-4483-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140181", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4483-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140181);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2019-20810\",\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-10781\",\n \"CVE-2020-12655\",\n \"CVE-2020-12656\",\n \"CVE-2020-12771\",\n \"CVE-2020-13974\",\n \"CVE-2020-14356\",\n \"CVE-2020-15393\",\n \"CVE-2020-24394\"\n );\n script_xref(name:\"USN\", value:\"4483-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4483-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chuhong Yuan discovered that go7007 USB audio device driver in the\nLinux kernel did not properly deallocate memory in some failure\nconditions. A physically proximate attacker could use this to cause a\ndenial of service (memory exhaustion). (CVE-2019-20810) Fan Yang\ndiscovered that the mremap implementation in the Linux kernel did not\nproperly handle DAX Huge Pages. A local attacker with access to DAX\nstorage could use this to gain administrative privileges.\n(CVE-2020-10757) It was discovered that the Linux kernel did not\ncorrectly apply Speculative Store Bypass Disable (SSBD) mitigations in\ncertain situations. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10766) It was discovered that the\nLinux kernel did not correctly apply Indirect Branch Predictor Barrier\n(IBPB) mitigations in certain situations. A local attacker could\npossibly use this to expose sensitive information. (CVE-2020-10767) It\nwas discovered that the Linux kernel could incorrectly enable Indirect\nBranch Speculation after it has been disabled for a process via a\nprctl() call. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10768) Luca Bruno discovered that the\nzram module in the Linux kernel did not properly restrict unprivileged\nusers from accessing the hot_add sysfs file. A local attacker could\nuse this to cause a denial of service (memory exhaustion).\n(CVE-2020-10781) It was discovered that the XFS file system\nimplementation in the Linux kernel did not properly validate meta data\nin some circumstances. An attacker could use this to construct a\nmalicious XFS image that, when mounted, could cause a denial of\nservice. (CVE-2020-12655) It was discovered that the bcache subsystem\nin the Linux kernel did not properly release a lock in some error\nconditions. A local attacker could possibly use this to cause a denial\nof service. (CVE-2020-12771) It was discovered that the Virtual\nTerminal keyboard driver in the Linux kernel contained an integer\noverflow. A local attacker could possibly use this to have an\nunspecified impact. (CVE-2020-13974) It was discovered that the cgroup\nv2 subsystem in the Linux kernel did not properly perform reference\ncounting in some situations, leading to a NULL pointer dereference. A\nlocal attacker could use this to cause a denial of service or possibly\ngain administrative privileges. (CVE-2020-14356) Kyungtae Kim\ndiscovered that the USB testing driver in the Linux kernel did not\nproperly deallocate memory on disconnect events. A physically\nproximate attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2020-15393) It was discovered that the NFS server\nimplementation in the Linux kernel did not properly honor umask\nsettings when setting permissions while creating file system objects\nif the underlying file system did not support ACLs. An attacker could\npossibly use this to expose sensitive information or violate system\nintegrity. (CVE-2020-24394) It was discovered that the Kerberos SUNRPC\nGSS implementation in the Linux kernel did not properly deallocate\nmemory on module unload. A local privileged attacker could possibly\nuse this to cause a denial of service (memory exhaustion).\n(CVE-2020-12656).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4483-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14356\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1016-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1022-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1022-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1022-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-45-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-45-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-45-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-45',\n 'generic-lpae': '5.4.0-45',\n 'lowlatency': '5.4.0-45',\n 'raspi': '5.4.0-1016',\n 'aws': '5.4.0-1022',\n 'gcp': '5.4.0-1022',\n 'oracle': '5.4.0-1022',\n 'azure': '5.4.0-1023'\n }\n },\n '20.04': {\n '5.4.0': {\n 'generic': '5.4.0-45',\n 'generic-lpae': '5.4.0-45',\n 'lowlatency': '5.4.0-45',\n 'raspi': '5.4.0-1016',\n 'aws': '5.4.0-1022',\n 'gcp': '5.4.0-1022',\n 'oracle': '5.4.0-1022',\n 'azure': '5.4.0-1023'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4483-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2019-20810', 'CVE-2020-10757', 'CVE-2020-10766', 'CVE-2020-10767', 'CVE-2020-10768', 'CVE-2020-10781', 'CVE-2020-12655', 'CVE-2020-12656', 'CVE-2020-12771', 'CVE-2020-13974', 'CVE-2020-14356', 'CVE-2020-15393', 'CVE-2020-24394');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4483-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:07", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5878 advisory.\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5878)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19054", "CVE-2020-14331"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5878.NASL", "href": "https://www.tenable.com/plugins/nessus/141364", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5878.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141364);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-19054\", \"CVE-2020-14331\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5878)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5878 advisory.\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5878.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14331\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.325.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5878');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.325.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.325.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.325.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.325.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.325.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.325.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.325.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.325.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.325.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.325.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:33:24", "description": "It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-18T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4463-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12771", "CVE-2020-15393"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1078-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1112-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1137-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1141-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-4463-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139662", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4463-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139662);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2020-12771\", \"CVE-2020-15393\");\n script_xref(name:\"USN\", value:\"4463-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4463-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the bcache subsystem in the Linux kernel did\nnot properly release a lock in some error conditions. A local attacker\ncould possibly use this to cause a denial of service. (CVE-2020-12771)\nKyungtae Kim discovered that the USB testing driver in the Linux\nkernel did not properly deallocate memory on disconnect events. A\nphysically proximate attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2020-15393).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4463-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12771\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-15393\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1078-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1112-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1137-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1141-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-187-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-187',\n 'generic-lpae': '4.4.0-187',\n 'lowlatency': '4.4.0-187',\n 'powerpc-e500mc': '4.4.0-187',\n 'powerpc-smp': '4.4.0-187',\n 'powerpc64-emb': '4.4.0-187',\n 'powerpc64-smp': '4.4.0-187',\n 'kvm': '4.4.0-1078',\n 'aws': '4.4.0-1112',\n 'raspi2': '4.4.0-1137',\n 'snapdragon': '4.4.0-1141'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4463-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-12771', 'CVE-2020-15393');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4463-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:16", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5526 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-31T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15917", "CVE-2019-3016"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5526.NASL", "href": "https://www.tenable.com/plugins/nessus/133381", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5526.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133381);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-3016\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5526)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5526 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory\n locations from another process in the same guest. This problem is limit to the host running linux kernel\n 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel\n CPUs cannot be ruled out. (CVE-2019-3016)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5526.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15917\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.10.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5526');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.10.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.10.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.10.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.10.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.10.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.10.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.10.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:34:48", "description": "Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.\n(CVE-2018-20669) It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947) Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory).\n(CVE-2020-10732) It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766) It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767) It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768) Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2020-10781) It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655) It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771) It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974) Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2020-15393) It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity.\n(CVE-2020-24394) It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2020-12656).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4485-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-19947", "CVE-2019-20810", "CVE-2020-10732", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-12656", "CVE-2020-12771", "CVE-2020-13974", "CVE-2020-15393", "CVE-2020-24394"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1051-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1067-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1068-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1072-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1080-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1081-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1084-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1093-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-115-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-115-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-115-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4485-1.NASL", "href": "https://www.tenable.com/plugins/nessus/140183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4485-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140183);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-19947\",\n \"CVE-2019-20810\",\n \"CVE-2020-10732\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-10781\",\n \"CVE-2020-12655\",\n \"CVE-2020-12656\",\n \"CVE-2020-12771\",\n \"CVE-2020-13974\",\n \"CVE-2020-15393\",\n \"CVE-2020-24394\"\n );\n script_xref(name:\"USN\", value:\"4485-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4485-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Timothy Michaud discovered that the i915 graphics driver in the Linux\nkernel did not properly validate user memory locations for the\ni915_gem_execbuffer2_ioctl. A local attacker could possibly use this\nto cause a denial of service or execute arbitrary code.\n(CVE-2018-20669) It was discovered that the Kvaser CAN/USB driver in\nthe Linux kernel did not properly initialize memory in certain\nsituations. A local attacker could possibly use this to expose\nsensitive information (kernel memory). (CVE-2019-19947) Chuhong Yuan\ndiscovered that go7007 USB audio device driver in the Linux kernel did\nnot properly deallocate memory in some failure conditions. A\nphysically proximate attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-20810) It was discovered that\nthe elf handling code in the Linux kernel did not initialize memory\nbefore using it in certain situations. A local attacker could use this\nto possibly expose sensitive information (kernel memory).\n(CVE-2020-10732) It was discovered that the Linux kernel did not\ncorrectly apply Speculative Store Bypass Disable (SSBD) mitigations in\ncertain situations. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10766) It was discovered that the\nLinux kernel did not correctly apply Indirect Branch Predictor Barrier\n(IBPB) mitigations in certain situations. A local attacker could\npossibly use this to expose sensitive information. (CVE-2020-10767) It\nwas discovered that the Linux kernel could incorrectly enable Indirect\nBranch Speculation after it has been disabled for a process via a\nprctl() call. A local attacker could possibly use this to expose\nsensitive information. (CVE-2020-10768) Luca Bruno discovered that the\nzram module in the Linux kernel did not properly restrict unprivileged\nusers from accessing the hot_add sysfs file. A local attacker could\nuse this to cause a denial of service (memory exhaustion).\n(CVE-2020-10781) It was discovered that the XFS file system\nimplementation in the Linux kernel did not properly validate meta data\nin some circumstances. An attacker could use this to construct a\nmalicious XFS image that, when mounted, could cause a denial of\nservice. (CVE-2020-12655) It was discovered that the bcache subsystem\nin the Linux kernel did not properly release a lock in some error\nconditions. A local attacker could possibly use this to cause a denial\nof service. (CVE-2020-12771) It was discovered that the Virtual\nTerminal keyboard driver in the Linux kernel contained an integer\noverflow. A local attacker could possibly use this to have an\nunspecified impact. (CVE-2020-13974) Kyungtae Kim discovered that the\nUSB testing driver in the Linux kernel did not properly deallocate\nmemory on disconnect events. A physically proximate attacker could use\nthis to cause a denial of service (memory exhaustion).\n(CVE-2020-15393) It was discovered that the NFS server implementation\nin the Linux kernel did not properly honor umask settings when setting\npermissions while creating file system objects if the underlying file\nsystem did not support ACLs. An attacker could possibly use this to\nexpose sensitive information or violate system integrity.\n(CVE-2020-24394) It was discovered that the Kerberos SUNRPC GSS\nimplementation in the Linux kernel did not properly deallocate memory\non module unload. A local privileged attacker could possibly use this\nto cause a denial of service (memory exhaustion). (CVE-2020-12656).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4485-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-13974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1051-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1067-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1068-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1072-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1080-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1081-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1084-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1093-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1094-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-115-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-115-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-115-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'oracle': '4.15.0-1051',\n 'aws': '4.15.0-1080',\n 'gcp': '4.15.0-1081',\n 'azure': '4.15.0-1093'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-115',\n 'generic-lpae': '4.15.0-115',\n 'lowlatency': '4.15.0-115',\n 'oracle': '4.15.0-1051',\n 'gke': '4.15.0-1067',\n 'raspi2': '4.15.0-1068',\n 'kvm': '4.15.0-1072',\n 'aws': '4.15.0-1080',\n 'gcp': '4.15.0-1081',\n 'snapdragon': '4.15.0-1084',\n 'azure': '4.15.0-1093',\n 'oem': '4.15.0-1094'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4485-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2018-20669', 'CVE-2019-19947', 'CVE-2019-20810', 'CVE-2020-10732', 'CVE-2020-10766', 'CVE-2020-10767', 'CVE-2020-10768', 'CVE-2020-10781', 'CVE-2020-12655', 'CVE-2020-12656', 'CVE-2020-12771', 'CVE-2020-13974', 'CVE-2020-15393', 'CVE-2020-24394');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4485-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:14", "description": "The openSUSE Leap 15.2 was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514).\n\n - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).\n\nThe following non-security bugs were fixed :\n\n - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes).\n\n - ACPI: sysfs: Fix pm_profile_attr type (git-fixes).\n\n - aio: fix async fsync creds (bsc#1173828).\n\n - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes).\n\n - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes).\n\n - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes).\n\n - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes).\n\n - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes).\n\n - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes).\n\n - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes).\n\n - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).\n\n - ALSA: opl3: fix infoleak in opl3 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes).\n\n - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).\n\n - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes).\n\n - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).\n\n - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).\n\n - ALSA: usb-audio: Fix packet size calculation (bsc#1173847).\n\n - ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes).\n\n - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes).\n\n - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes).\n\n - ASoC: core: only convert non DPCM link to DPCM link (git-fixes).\n\n - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes).\n\n - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes).\n\n - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes).\n\n - ASoC: max98373: reorder max98373_reset() in resume (git-fixes).\n\n - ASoc: q6afe: add support to get port direction (git-fixes).\n\n - ASoC: q6asm: handle EOS correctly (git-fixes).\n\n - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes).\n\n - ASoC: rockchip: Fix a reference count leak (git-fixes).\n\n - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes).\n\n - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes).\n\n - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes).\n\n - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes).\n\n - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes).\n\n - ath10k: fix kernel NULL pointer dereference (git-fixes).\n\n - ath10k: Fix the race condition in firmware dump work queue (git-fixes).\n\n - b43: Fix connection problem with WPA3 (git-fixes).\n\n - b43_legacy: Fix connection problem with WPA3 (git-fixes).\n\n - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes).\n\n - batman-adv: Revert 'disable ethtool link speed detection when auto negotiation off' (git-fixes).\n\n - bdev: fix bdev inode reference count disbalance regression (bsc#1174244)\n\n - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817).\n\n - block: Fix use-after-free in blkdev_get() (bsc#1173834).\n\n - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818).\n\n - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes).\n\n - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes).\n\n - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150).\n\n - bnxt_en: fix firmware message length endianness (bsc#1173894).\n\n - bnxt_en: Fix return code to 'flash_device' (bsc#1173894).\n\n - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518).\n\n - bpf: Do not return EINVAL from (get,set)sockopt when optlen > PAGE_SIZE (bsc#1155518).\n\n - bpf: Fix an error code in check_btf_func() (bsc#1154353).\n\n - bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344).\n\n - bpf, xdp, samples: Fix NULL pointer dereference in\n *_user code (bsc#1155518).\n\n - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094).\n\n - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes).\n\n - carl9170: remove P2P_GO support (git-fixes).\n\n - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes).\n\n - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes).\n\n - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).\n\n - clk: sifive: allocate sufficient memory for struct\n __prci_data (git-fixes).\n\n - clk: ti: composite: fix memory leak (git-fixes).\n\n - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes).\n\n - clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes).\n\n - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes).\n\n - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes).\n\n - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes).\n\n - cpuidle: Fix three reference count leaks (git-fixes).\n\n - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes).\n\n - crypto - Avoid free() namespace collision (git-fixes).\n\n - Crypto/chcr: fix for ccm(aes) failed test (git-fixes).\n\n - crypto: omap-sham - add proper load balancing support for multicore (git-fixes).\n\n - debugfs: Check module state before warning in (full/open)_proxy_open() (bsc#1173746).\n\n - devlink: fix return value after hitting end in region read (networking-stable-20_05_12).\n\n - devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353).\n\n - dm writecache: reject asynchronous pmem devices (bsc#1156395).\n\n - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16).\n\n - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16).\n\n - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27).\n\n - drivers: base: Fix NULL pointer exception in\n __platform_driver_probe() if a driver developer is foolish (git-fixes).\n\n - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617).\n\n - drm: amd/display: fix Kconfig help text (bsc#1152489) &#9;* context changes\n\n - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes).\n\n - drm/amd: fix potential memleak in err branch (git-fixes).\n\n - drm/amdgpu: add fw release for sdma v5_0 (git-fixes).\n\n - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes).\n\n - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes).\n\n - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes).\n\n - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes).\n\n - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes).\n\n - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472)\n\n - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes).\n\n - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes).\n\n - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) &#9;* context changes\n\n - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489)\n\n - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489)\n\n - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes).\n\n - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489)\n\n - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489)\n\n - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489)\n\n - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes).\n\n - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes).\n\n - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes).\n\n - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472)\n\n - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472)\n\n - drm: rcar-du: Fix build error (bsc#1152472)\n\n - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489)\n\n - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes).\n\n - e1000: Distribute switch variables for initialization (git-fixes).\n\n - e1000e: Relax condition to trigger reset for ME workaround (git-fixes).\n\n - ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843).\n\n - ext4: fix error pointer dereference (bsc#1173837).\n\n - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836).\n\n - ext4: fix partial cluster initialization when splitting extent (bsc#1173839).\n\n - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838).\n\n - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833).\n\n - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841).\n\n - fat: do not allow to mount if the FAT length == 0 (bsc#1173831).\n\n - Fix boot crash with MD (bsc#1173860)\n\n - fix multiplication overflow in copy_fdtable() (bsc#1173825).\n\n - fork: prevent accidental access to clone3 features (bsc#1174018).\n\n - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12).\n\n - geneve: allow changing DF behavior after creation (git-fixes).\n\n - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).\n\n - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823).\n\n - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822).\n\n - gpio: pca953x: fix handling of automatic address incrementing (git-fixes).\n\n - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes).\n\n - hinic: fix a bug of ndo_stop (networking-stable-20_05_16).\n\n - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16).\n\n - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes).\n\n - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes).\n\n - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes).\n\n - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes).\n\n - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes).\n\n - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes).\n\n - i2c: core: check returned size of emulated smbus block read (git-fixes).\n\n - i2c: fsi: Fix the port number field in status register (git-fixes).\n\n - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes).\n\n - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes).\n\n - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes).\n\n - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).\n\n - IB/rdmavt: Free kernel completion queue when done (bsc#1173625).\n\n - iio: bmp280: fix compensation of humidity (git-fixes).\n\n - input: i8042 - Remove special PowerPC handling (git-fixes).\n\n - ionic: add pcie_print_link_status (bsc#1167773).\n\n - ionic: export features for vlans to use (bsc#1167773).\n\n - ionic: no link check while resetting queues (bsc#1167773).\n\n - ionic: remove support for mgmt device (bsc#1167773).\n\n - ionic: tame the watchdog timer on reconfig (bsc#1167773).\n\n - ionic: wait on queue start until after IFF_UP (bsc#1167773).\n\n - io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832).\n\n - ipmi: use vzalloc instead of kmalloc for user creation (git-fixes).\n\n - iwlwifi: mvm: fix aux station leak (git-fixes).\n\n - ixgbe: do not check firmware errors (bsc#1170284).\n\n - jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845).\n\n - jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833).\n\n - kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes).\n\n - kabi: hv: prevent struct device_node to become defined (bsc#1172871).\n\n - kABI: protect struct fib_dump_filter (kabi).\n\n - kABI: protect struct mlx5_cmd_work_ent (kabi).\n\n - libceph: do not omit recovery_deletes in target_copy() (git-fixes).\n\n - loop: replace kill_bdev with invalidate_bdev (bsc#1173820).\n\n - media: dvbdev: Fix tuner->demod media controller link (git-fixes).\n\n - media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776).\n\n - media: dvbsky: add support for Mygica T230C v2 (bsc#1173776).\n\n - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes).\n\n - media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes).\n\n - media: ov5640: fix use of destroyed mutex (git-fixes).\n\n - media: si2157: Better check for running tuner in init (git-fixes).\n\n - media: si2168: add support for Mygica T230C v2 (bsc#1173776).\n\n - media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes).\n\n - media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes).\n\n - media: vicodec: Fix error codes in probe function (git-fixes).\n\n - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).\n\n - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12).\n\n - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes).\n\n - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes).\n\n - mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844).\n\n - mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552).\n\n - mvpp2: remove module bugfix (bsc#1154353).\n\n - namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824).\n\n - neigh: send protocol value in neighbor create notification (networking-stable-20_05_12).\n\n - net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702).\n\n - net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27).\n\n - net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12).\n\n - net: dsa: loop: Add module soft dependency (networking-stable-20_05_16).\n\n - net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27).\n\n - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27).\n\n - net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16).\n\n - __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27).\n\n - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27).\n\n - net: ipip: fix wrong address family in init error path (networking-stable-20_05_27).\n\n - net: macb: fix an issue about leak related system resources (networking-stable-20_05_12).\n\n - net: macsec: preserve ingress frame ordering (networking-stable-20_05_12).\n\n - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12).\n\n - net/mlx5: Add command entry handling completion (networking-stable-20_05_27).\n\n - net/mlx5: Disable reload while removing the device (jsc#SLE-8464).\n\n - net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464).\n\n - net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27).\n\n - net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27).\n\n - net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27).\n\n - net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12).\n\n - net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27).\n\n - net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12).\n\n - net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27).\n\n - net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12).\n\n - net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27).\n\n - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12).\n\n - net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27).\n\n - net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16).\n\n - netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16).\n\n - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27).\n\n - net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27).\n\n - net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12).\n\n - net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069).\n\n - net: stmmac: fix num_por initialization (networking-stable-20_05_16).\n\n - net: stricter validation of untrusted gso packets (networking-stable-20_05_12).\n\n - net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12).\n\n - net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16).\n\n - net/tls: fix race condition causing kernel panic (networking-stable-20_05_27).\n\n - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12).\n\n - net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12).\n\n - net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12).\n\n - nexthop: Fix attribute checking for groups (networking-stable-20_05_27).\n\n - nfp: abm: fix a memory leak bug (networking-stable-20_05_12).\n\n - nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16).\n\n - nfsd4: fix nfsdfs reference count loop (git-fixes).\n\n - nfsd: apply umask on fs without ACL support (git-fixes).\n\n - nfsd: fix nfsdfs inode reference count leak (git-fixes).\n\n - NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes).\n\n - PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes).\n\n - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes).\n\n - PCI: Add Loongson vendor ID (git-fixes).\n\n - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).\n\n - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).\n\n - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).\n\n - PCI: Do not disable decoding when mmio_always_on is set (git-fixes).\n\n - PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes).\n\n - PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871).\n\n - PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871).\n\n - PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871).\n\n - PCI: hv: Introduce hv_msi_entry (bsc#1172871).\n\n - PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871).\n\n - PCI: hv: Move retarget related structures into tlfs header (bsc#1172871).\n\n - PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871).\n\n - PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871).\n\n - PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes).\n\n - PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes).\n\n - pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes).\n\n - pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes).\n\n - platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes).\n\n - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes).\n\n - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes).\n\n - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).\n\n - pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16).\n\n - proc: Use new_inode not new_inode_pseudo (bsc#1173830).\n\n - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes).\n\n - RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449).\n\n - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes).\n\n - remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes).\n\n - Revert commit e918e570415c ('tpm_tis: Remove the HID IFX0102') (git-fixes).\n\n - Revert 'i2c: tegra: Fix suspending in active runtime PM state' (git-fixes).\n\n - Revert 'ipv6: add mtu lock check in\n __ip6_rt_update_pmtu' (networking-stable-20_05_16).\n\n - ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes).\n\n - sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes).\n\n - sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12).\n\n - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)).\n\n - sched: Fix race against ptrace_freeze_trace() (bsc#1174345).\n\n - sch_sfq: validate silly quantum values (networking-stable-20_05_12).\n\n - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530).\n\n - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983).\n\n - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27).\n\n - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27).\n\n - selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518).\n\n - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529).\n\n - slimbus: ngd: get drvdata from correct device (git-fixes).\n\n - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353).\n\n - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).\n\n - spi: dw: Fix Rx-only DMA transfers (git-fixes).\n\n - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes).\n\n - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes).\n\n - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes).\n\n - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes).\n\n - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).\n\n - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes).\n\n - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16).\n\n - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16).\n\n - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284).\n\n - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes).\n\n - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes).\n\n - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes).\n\n - tipc: block BH before using dst_cache (networking-stable-20_05_27).\n\n - tipc: fix partial topology connection closure (networking-stable-20_05_12).\n\n - tpm: Fix TIS locality timeout problems (git-fixes).\n\n - tpm_tis: Remove the HID IFX0102 (git-fixes).\n\n - tracing: Fix event trigger to accept redundant spaces (git-fixes).\n\n - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12).\n\n - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827).\n\n - ubifs: remove broken lazytime support (bsc#1173826).\n\n - Update patch reference tag for ACPI lockdown fix (bsc#1173573)\n\n - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes).\n\n - usb/ehci-platform: Set PM runtime as active on resume (git-fixes).\n\n - USB: ehci: reopen solution for Synopsys HC bug (git-fixes).\n\n - usb: gadget: udc: Potential Oops in error handling code (git-fixes).\n\n - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes).\n\n - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).\n\n - usblp: poison URBs upon disconnect (git-fixes).\n\n - usb/ohci-platform: Fix a warning when hibernating (git-fixes).\n\n - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes).\n\n - usb: renesas_usbhs: getting residue from callback_result (git-fixes).\n\n - USB: serial: ch341: add basis for quirk detection (git-fixes).\n\n - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes).\n\n - usb/xhci-plat: Set PM runtime as active on resume (git-fixes).\n\n - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489)\n\n - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16).\n\n - watchdog: da9062: No need to ping manually before setting timeout (git-fixes).\n\n - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353).\n\n - wil6210: add wil_netif_rx() helper function (bsc#1154353).\n\n - wil6210: use after free in wil_netif_rx_any() (bsc#1154353).\n\n - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes).\n\n - xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes).\n\n - xhci: Fix incorrect EP_STATE_MASK (git-fixes).\n\n - xhci: Poll for U0 after disabling USB2 LPM (git-fixes).\n\n - xhci: Return if xHCI does not support LPM (git-fixes).\n\n - xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes).", "cvss3": {}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-1062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12771", "CVE-2020-15393"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1062.NASL", "href": "https://www.tenable.com/plugins/nessus/138986", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1062.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138986);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2020-12771\", \"CVE-2020-15393\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1062)\");\n script_summary(english:\"Check for the openSUSE-2020-1062 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.2 was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-15393: usbtest_disconnect in\n drivers/usb/misc/usbtest.c had a memory leak, aka\n CID-28ebeb8db770 (bnc#1173514).\n\n - CVE-2020-12771: btree_gc_coalesce in\n drivers/md/bcache/btree.c had a deadlock if a coalescing\n operation fails (bnc#1171732).\n\nThe following non-security bugs were fixed :\n\n - ACPI: configfs: Disallow loading ACPI tables when locked\n down (git-fixes).\n\n - ACPI: sysfs: Fix pm_profile_attr type (git-fixes).\n\n - aio: fix async fsync creds (bsc#1173828).\n\n - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to\n patch table (git-fixes).\n\n - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL\n and later (git-fixes).\n\n - ALSA: hda/hdmi: improve debug traces for stream lookups\n (git-fixes).\n\n - ALSA: hda - let hs_mic be picked ahead of hp_mic\n (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED and micmute LED support\n for HP systems (git-fixes).\n\n - ALSA: hda/realtek - Add quirk for MSI GE63 laptop\n (git-fixes).\n\n - ALSA: hda/realtek - Enable audio jacks of Acer\n vCopperbox with ALC269VC (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer C20-820\n with ALC269VC (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer Veriton\n N4660G with ALC269VC (git-fixes).\n\n - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th\n quirk subdevice id (git-fixes).\n\n - ALSA: isa/wavefront: prevent out of bounds write in\n ioctl (git-fixes).\n\n - ALSA: opl3: fix infoleak in opl3 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for RTX6001\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for SSL2+\n (git-fixes).\n\n - ALSA: usb-audio: add quirk for Denon DCD-1500RE\n (git-fixes).\n\n - ALSA: usb-audio: add quirk for MacroSilicon MS2109\n (git-fixes).\n\n - ALSA: usb-audio: add quirk for Samsung USBC Headset\n (AKG) (git-fixes).\n\n - ALSA: usb-audio: Fix OOB access of mixer element list\n (git-fixes).\n\n - ALSA: usb-audio: Fix packet size calculation\n (bsc#1173847).\n\n - ALSA: usb-audio: Fix potential use-after-free of streams\n (git-fixes).\n\n - ALSA: usb-audio: Replace s/frame/packet/ where\n appropriate (git-fixes).\n\n - amdgpu: a NULL ->mm does not mean a thread is a kthread\n (git-fixes).\n\n - ASoC: core: only convert non DPCM link to DPCM link\n (git-fixes).\n\n - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when\n getting dma type (git-fixes).\n\n - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA\n channel failed (git-fixes).\n\n - ASoC: fsl_ssi: Fix bclk calculation for mono channel\n (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore\n WT8-A tablet (git-fixes).\n\n - ASoC: max98373: reorder max98373_reset() in resume\n (git-fixes).\n\n - ASoc: q6afe: add support to get port direction\n (git-fixes).\n\n - ASoC: q6asm: handle EOS correctly (git-fixes).\n\n - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes).\n\n - ASoC: rockchip: Fix a reference count leak (git-fixes).\n\n - ASoC: SOF: Do nothing when DSP PM callbacks are not set\n (git-fixes).\n\n - ASoC: SOF: nocodec: conditionally set\n dpcm_capture/dpcm_playback flags (git-fixes).\n\n - ASoC: tegra: tegra_wm8903: Support nvidia, headset\n property (git-fixes).\n\n - ASoC: ti: omap-mcbsp: Fix an error handling path in\n 'asoc_mcbsp_probe()' (git-fixes).\n\n - ata/libata: Fix usage of page address by page_address in\n ata_scsi_mode_select_xlat function (git-fixes).\n\n - ath10k: fix kernel NULL pointer dereference (git-fixes).\n\n - ath10k: Fix the race condition in firmware dump work\n queue (git-fixes).\n\n - b43: Fix connection problem with WPA3 (git-fixes).\n\n - b43_legacy: Fix connection problem with WPA3\n (git-fixes).\n\n - backlight: lp855x: Ensure regulators are disabled on\n probe failure (git-fixes).\n\n - batman-adv: Revert 'disable ethtool link speed detection\n when auto negotiation off' (git-fixes).\n\n - bdev: fix bdev inode reference count disbalance\n regression (bsc#1174244)\n\n - block/bio-integrity: do not free 'buf' if\n bio_integrity_add_page() failed (bsc#1173817).\n\n - block: Fix use-after-free in blkdev_get() (bsc#1173834).\n\n - block: nr_sects_write(): Disable preemption on seqcount\n write (bsc#1173818).\n\n - Bluetooth: Add SCO fallback for invalid LMP parameters\n error (git-fixes).\n\n - Bluetooth: btbcm: Add 2 missing models to subver tables\n (git-fixes).\n\n - bnxt_en: Fix AER reset logic on 57500 chips\n (bsc#1171150).\n\n - bnxt_en: fix firmware message length endianness\n (bsc#1173894).\n\n - bnxt_en: Fix return code to 'flash_device'\n (bsc#1173894).\n\n - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371\n bsc#1153274).\n\n - bnxt_en: Return from timer if interface is not in open\n state (jsc#SLE-8371 bsc#1153274).\n\n - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371\n bsc#1153274).\n\n - bpf: Document optval > PAGE_SIZE behavior for sockopt\n hooks (bsc#1155518).\n\n - bpf: Do not return EINVAL from (get,set)sockopt when\n optlen > PAGE_SIZE (bsc#1155518).\n\n - bpf: Fix an error code in check_btf_func()\n (bsc#1154353).\n\n - bpf: Restrict bpf_trace_printk()'s %s usage and add\n %pks, %pus specifier (bsc#1172344).\n\n - bpf, xdp, samples: Fix NULL pointer dereference in\n *_user code (bsc#1155518).\n\n - brcmfmac: expose RPi firmware config files through\n modinfo (bsc#1169094).\n\n - bus: ti-sysc: Ignore clockactivity unless specified as a\n quirk (git-fixes).\n\n - carl9170: remove P2P_GO support (git-fixes).\n\n - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip\n (git-fixes).\n\n - clk: qcom: msm8916: Fix the address location of\n pll->config_reg (git-fixes).\n\n - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to\n sclk_i2s1 (git-fixes).\n\n - clk: sifive: allocate sufficient memory for struct\n __prci_data (git-fixes).\n\n - clk: ti: composite: fix memory leak (git-fixes).\n\n - clk: zynqmp: fix memory leak in zynqmp_register_clocks\n (git-fixes).\n\n - clocksource: dw_apb_timer: Make CPU-affiliation being\n optional (git-fixes).\n\n - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes).\n\n - cpufreq: intel_pstate: Only mention the BIOS disabling\n turbo mode once (git-fixes).\n\n - cpufreq: powernv: Fix frame-size-overflow in\n powernv_cpufreq_work_fn (git-fixes).\n\n - cpuidle: Fix three reference count leaks (git-fixes).\n\n - crypto: algif_skcipher - Cap recv SG list at ctx->used\n (git-fixes).\n\n - crypto - Avoid free() namespace collision (git-fixes).\n\n - Crypto/chcr: fix for ccm(aes) failed test (git-fixes).\n\n - crypto: omap-sham - add proper load balancing support\n for multicore (git-fixes).\n\n - debugfs: Check module state before warning in\n (full/open)_proxy_open() (bsc#1173746).\n\n - devlink: fix return value after hitting end in region\n read (networking-stable-20_05_12).\n\n - devmap: Use bpf_map_area_alloc() for allocating hash\n buckets (bsc#1154353).\n\n - dm writecache: reject asynchronous pmem devices\n (bsc#1156395).\n\n - dpaa2-eth: prevent array underflow in update_cls_rule()\n (networking-stable-20_05_16).\n\n - dpaa2-eth: properly handle buffer size restrictions\n (networking-stable-20_05_16).\n\n - dpaa_eth: fix usage as DSA master, try 3\n (networking-stable-20_05_27).\n\n - drivers: base: Fix NULL pointer exception in\n __platform_driver_probe() if a driver developer is\n foolish (git-fixes).\n\n - Drivers: hv: Change flag to write log level in panic msg\n to false (bsc#1170617).\n\n - drm: amd/display: fix Kconfig help text (bsc#1152489)\n &#9;* context changes\n\n - drm/amd/display: Revalidate bandwidth before commiting\n DC updates (git-fixes).\n\n - drm/amd: fix potential memleak in err branch\n (git-fixes).\n\n - drm/amdgpu: add fw release for sdma v5_0 (git-fixes).\n\n - drm/amdgpu: drop redundant cg/pg ungate on runpm enter\n (git-fixes).\n\n - drm/amdgpu: fix gfx hang during suspend with video\n playback (v2) (git-fixes).\n\n - drm/amdgpu: fix the hw hang during perform system reboot\n and reset (git-fixes).\n\n - drm/amdgpu: Init data to avoid oops while reading\n pp_num_states (git-fixes).\n\n - drm/amdgpu: move kfd suspend after ip_suspend_phase1\n (git-fixes).\n\n - drm/amdgpu: Replace invalid device ID with a valid\n device ID (bsc#1152472)\n\n - drm/amd/powerpay: Disable gfxoff when setting manual\n mode on picasso and raven (git-fixes).\n\n - drm: bridge: adv7511: Extend list of audio sample rates\n (git-fixes).\n\n - drm/connector: notify userspace on hotplug after\n register complete (bsc#1152489) &#9;* context changes\n\n - drm/i915/gt: Do not schedule normal requests immediately\n along (bsc#1152489)\n\n - drm/i915/gvt: Fix two CFL MMIO handling caused by\n regression. (bsc#1152489)\n\n - drm/i915/gvt: Fix two CFL MMIO handling caused by\n regression (git-fixes).\n\n - drm/i915/icl+: Fix hotplug interrupt disabling after\n storm detection (bsc#1152489)\n\n - drm/msm: Check for powered down HW in the devfreq\n callbacks (bsc#1152489)\n\n - drm/msm/dpu: fix error return code in dpu_encoder_init\n (bsc#1152489)\n\n - drm/msm/dpu: fix error return code in dpu_encoder_init\n (git-fixes).\n\n - drm/msm/mdp5: Fix mdp5_init error path for failed\n mdp5_kms allocation (git-fixes).\n\n - drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n)\n selection (git-fixes).\n\n - drm/qxl: Use correct notify port address when creating\n cursor ring (bsc#1152472)\n\n - drm/radeon: fix fb_div check in ni_init_smc_spll_table()\n (bsc#1152472)\n\n - drm: rcar-du: Fix build error (bsc#1152472)\n\n - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489)\n\n - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes).\n\n - e1000: Distribute switch variables for initialization\n (git-fixes).\n\n - e1000e: Relax condition to trigger reset for ME\n workaround (git-fixes).\n\n - ext4: avoid utf8_strncasecmp() with unstable name\n (bsc#1173843).\n\n - ext4: fix error pointer dereference (bsc#1173837).\n\n - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed\n eh_max (bsc#1173836).\n\n - ext4: fix partial cluster initialization when splitting\n extent (bsc#1173839).\n\n - ext4: fix race between ext4_sync_parent() and rename()\n (bsc#1173838).\n\n - ext4, jbd2: ensure panic by fix a race between jbd2\n abort and ext4 error handlers (bsc#1173833).\n\n - ext4: stop overwrite the errcode in ext4_setup_super\n (bsc#1173841).\n\n - fat: do not allow to mount if the FAT length == 0\n (bsc#1173831).\n\n - Fix boot crash with MD (bsc#1173860)\n\n - fix multiplication overflow in copy_fdtable()\n (bsc#1173825).\n\n - fork: prevent accidental access to clone3 features\n (bsc#1174018).\n\n - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks\n (networking-stable-20_05_12).\n\n - geneve: allow changing DF behavior after creation\n (git-fixes).\n\n - geneve: change from tx_error to tx_dropped on missing\n metadata (git-fixes).\n\n - gfs2: fix glock reference problem in\n gfs2_trans_remove_revoke (bsc#1173823).\n\n - gfs2: Multi-block allocations in gfs2_page_mkwrite\n (bsc#1173822).\n\n - gpio: pca953x: fix handling of automatic address\n incrementing (git-fixes).\n\n - HID: Add quirks for Trust Panora Graphic Tablet\n (git-fixes).\n\n - hinic: fix a bug of ndo_stop\n (networking-stable-20_05_16).\n\n - hinic: fix wrong para of wait_for_completion_timeout\n (networking-stable-20_05_16).\n\n - hv_netvsc: Fix netvsc_start_xmit's return type\n (git-fixes).\n\n - hwmon: (acpi_power_meter) Fix potential memory leak in\n acpi_power_meter_add() (git-fixes).\n\n - hwmon: (k10temp) Add AMD family 17h model 60h PCI match\n (git-fixes).\n\n - hwmon: (max6697) Make sure the OVERT mask is set\n correctly (git-fixes).\n\n - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221\n option (git-fixes).\n\n - i2c: algo-pca: Add 0x78 as SCL stuck low status for\n PCA9665 (git-fixes).\n\n - i2c: core: check returned size of emulated smbus block\n read (git-fixes).\n\n - i2c: fsi: Fix the port number field in status register\n (git-fixes).\n\n - i2c: mlxcpld: check correct size of maximum RECV_LEN\n packet (git-fixes).\n\n - i2c: piix4: Detect secondary SMBus controller on AMD AM4\n chipsets (git-fixes).\n\n - i2c: pxa: clear all master action bits in\n i2c_pxa_stop_message() (git-fixes).\n\n - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output\n (git-fixes).\n\n - IB/rdmavt: Free kernel completion queue when done\n (bsc#1173625).\n\n - iio: bmp280: fix compensation of humidity (git-fixes).\n\n - input: i8042 - Remove special PowerPC handling\n (git-fixes).\n\n - ionic: add pcie_print_link_status (bsc#1167773).\n\n - ionic: export features for vlans to use (bsc#1167773).\n\n - ionic: no link check while resetting queues\n (bsc#1167773).\n\n - ionic: remove support for mgmt device (bsc#1167773).\n\n - ionic: tame the watchdog timer on reconfig\n (bsc#1167773).\n\n - ionic: wait on queue start until after IFF_UP\n (bsc#1167773).\n\n - io_uring: use kvfree() in io_sqe_buffer_register()\n (bsc#1173832).\n\n - ipmi: use vzalloc instead of kmalloc for user creation\n (git-fixes).\n\n - iwlwifi: mvm: fix aux station leak (git-fixes).\n\n - ixgbe: do not check firmware errors (bsc#1170284).\n\n - jbd2: avoid leaking transaction credits when unreserving\n handle (bsc#1173845).\n\n - jbd2: Preserve kABI when adding j_abort_mutex\n (bsc#1173833).\n\n - kABI fixup mtk-vpu: avoid unaligned access to DTCM\n buffer (git-fixes).\n\n - kabi: hv: prevent struct device_node to become defined\n (bsc#1172871).\n\n - kABI: protect struct fib_dump_filter (kabi).\n\n - kABI: protect struct mlx5_cmd_work_ent (kabi).\n\n - libceph: do not omit recovery_deletes in target_copy()\n (git-fixes).\n\n - loop: replace kill_bdev with invalidate_bdev\n (bsc#1173820).\n\n - media: dvbdev: Fix tuner->demod media controller link\n (git-fixes).\n\n - media: dvbsky: add support for eyeTV Geniatech T2 lite\n (bsc#1173776).\n\n - media: dvbsky: add support for Mygica T230C v2\n (bsc#1173776).\n\n - media: imx: imx7-mipi-csis: Cleanup and fix subdev pad\n format handling (git-fixes).\n\n - media: mtk-vpu: avoid unaligned access to DTCM buffer\n (git-fixes).\n\n - media: ov5640: fix use of destroyed mutex (git-fixes).\n\n - media: si2157: Better check for running tuner in init\n (git-fixes).\n\n - media: si2168: add support for Mygica T230C v2\n (bsc#1173776).\n\n - media: staging: imgu: do not hold spinlock during\n freeing mmu page table (git-fixes).\n\n - media: staging/intel-ipu3: Implement lock for stream\n on/off operations (git-fixes).\n\n - media: vicodec: Fix error codes in probe function\n (git-fixes).\n\n - mfd: wm8994: Fix driver operation if loaded as modules\n (git-fixes).\n\n - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion\n list properly (networking-stable-20_05_12).\n\n - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12\n quirk (git-fixes).\n\n - mmc: via-sdmmc: Respect the cmd->busy_timeout from the\n mmc core (git-fixes).\n\n - mm: fix NUMA node file count error in\n replace_page_cache() (bsc#1173844).\n\n - mm/memory_hotplug: refrain from adding memory into an\n impossible node (bsc#1173552).\n\n - mvpp2: remove module bugfix (bsc#1154353).\n\n - namei: only return -ECHILD from follow_dotdot_rcu()\n (bsc#1173824).\n\n - neigh: send protocol value in neighbor create\n notification (networking-stable-20_05_12).\n\n - net: core: device_rename: Use rwsem instead of a\n seqcount (bsc#1162702).\n\n - net: do not return invalid table id error when we fall\n back to PF_UNSPEC (networking-stable-20_05_27).\n\n - net: dsa: Do not leave DSA master with NULL netdev_ops\n (networking-stable-20_05_12).\n\n - net: dsa: loop: Add module soft dependency\n (networking-stable-20_05_16).\n\n - net: dsa: mt7530: fix roaming from DSA user ports\n (networking-stable-20_05_27).\n\n - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning\n during suspend (networking-stable-20_05_27).\n\n - net: fix a potential recursive NETDEV_FEAT_CHANGE\n (networking-stable-20_05_16).\n\n - __netif_receive_skb_core: pass skb by reference\n (networking-stable-20_05_27).\n\n - net: inet_csk: Fix so_reuseport bind-address cache in\n tb->fast* (networking-stable-20_05_27).\n\n - net: ipip: fix wrong address family in init error path\n (networking-stable-20_05_27).\n\n - net: macb: fix an issue about leak related system\n resources (networking-stable-20_05_12).\n\n - net: macsec: preserve ingress frame ordering\n (networking-stable-20_05_12).\n\n - net/mlx4_core: Fix use of ENOSPC around\n mlx4_counter_alloc() (networking-stable-20_05_12).\n\n - net/mlx5: Add command entry handling completion\n (networking-stable-20_05_27).\n\n - net/mlx5: Disable reload while removing the device\n (jsc#SLE-8464).\n\n - net/mlx5: DR, Fix freeing in dr_create_rc_qp()\n (jsc#SLE-8464).\n\n - net/mlx5e: Fix inner tirs handling\n (networking-stable-20_05_27).\n\n - net/mlx5e: kTLS, Destroy key object after destroying the\n TIS (networking-stable-20_05_27).\n\n - net/mlx5e: Update netdev txq on completions during\n closure (networking-stable-20_05_27).\n\n - net/mlx5: Fix command entry leak in Internal Error State\n (networking-stable-20_05_12).\n\n - net/mlx5: Fix error flow in case of function_setup\n failure (networking-stable-20_05_27).\n\n - net/mlx5: Fix forced completion access non initialized\n command entry (networking-stable-20_05_12).\n\n - net/mlx5: Fix memory leak in mlx5_events_init\n (networking-stable-20_05_27).\n\n - net: mvpp2: cls: Prevent buffer overflow in\n mvpp2_ethtool_cls_rule_del()\n (networking-stable-20_05_12).\n\n - net: mvpp2: fix RX hashing for non-10G ports\n (networking-stable-20_05_27).\n\n - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx()\n (networking-stable-20_05_12).\n\n - net: nlmsg_cancel() if put fails for nhmsg\n (networking-stable-20_05_27).\n\n - net: phy: fix aneg restart in phy_ethtool_set_eee\n (networking-stable-20_05_16).\n\n - netprio_cgroup: Fix unlimited memory leak of v2 cgroups\n (networking-stable-20_05_16).\n\n - net: qrtr: Fix passing invalid reference to\n qrtr_local_enqueue() (networking-stable-20_05_27).\n\n - net sched: fix reporting the first-time use timestamp\n (networking-stable-20_05_27).\n\n - net_sched: sch_skbprio: add message validation to\n skbprio_change() (networking-stable-20_05_12).\n\n - net/smc: tolerate future SMCD versions (bsc#1172543\n LTC#186069).\n\n - net: stmmac: fix num_por initialization\n (networking-stable-20_05_16).\n\n - net: stricter validation of untrusted gso packets\n (networking-stable-20_05_12).\n\n - net: tc35815: Fix phydev supported/advertising mask\n (networking-stable-20_05_12).\n\n - net: tcp: fix rx timestamp behavior for tcp_recvmsg\n (networking-stable-20_05_16).\n\n - net/tls: fix race condition causing kernel panic\n (networking-stable-20_05_27).\n\n - net/tls: Fix sk_psock refcnt leak in\n bpf_exec_tx_verdict() (networking-stable-20_05_12).\n\n - net/tls: Fix sk_psock refcnt leak when in\n tls_data_ready() (networking-stable-20_05_12).\n\n - net: usb: qmi_wwan: add support for DW5816e\n (networking-stable-20_05_12).\n\n - nexthop: Fix attribute checking for groups\n (networking-stable-20_05_27).\n\n - nfp: abm: fix a memory leak bug\n (networking-stable-20_05_12).\n\n - nfp: abm: fix error return code in nfp_abm_vnic_alloc()\n (networking-stable-20_05_16).\n\n - nfsd4: fix nfsdfs reference count loop (git-fixes).\n\n - nfsd: apply umask on fs without ACL support (git-fixes).\n\n - nfsd: fix nfsdfs inode reference count leak (git-fixes).\n\n - NFSv4 fix CLOSE not waiting for direct IO compeletion\n (git-fixes).\n\n - PCI: aardvark: Do not blindly enable ASPM L0s and do not\n write to read-only register (git-fixes).\n\n - PCI: Add ACS quirk for Intel Root Complex Integrated\n Endpoints (git-fixes).\n\n - PCI: Add Loongson vendor ID (git-fixes).\n\n - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X\n Bridges (git-fixes).\n\n - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0\n (git-fixes).\n\n - PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).\n\n - PCI: Do not disable decoding when mmio_always_on is set\n (git-fixes).\n\n - PCI: dwc: Fix inner MSI IRQ domain registration\n (git-fixes).\n\n - PCI: hv: Change pci_protocol_version to per-hbus\n (bsc#1172871).\n\n - PCI: hv: Decouple the func definition in hv_dr_state\n from VSP message (bsc#1172871).\n\n - PCI: hv: Fix the PCI HyperV probe failure path to\n release resource properly (bsc#1172871).\n\n - PCI: hv: Introduce hv_msi_entry (bsc#1172871).\n\n - PCI: hv: Move hypercall related definitions into tlfs\n header (bsc#1172871).\n\n - PCI: hv: Move retarget related structures into tlfs\n header (bsc#1172871).\n\n - PCI: hv: Reorganize the code in preparation of\n hibernation (bsc#1172871).\n\n - PCI: hv: Retry PCI bus D0 entry on invalid device state\n (bsc#1172871).\n\n - PCI: pci-bridge-emul: Fix PCIe bit conflicts\n (git-fixes).\n\n - PCI: vmd: Add device id for VMD device 8086:9A0B\n (git-fixes).\n\n - pinctrl: rockchip: fix memleak in\n rockchip_dt_node_to_map (git-fixes).\n\n - pinctrl: tegra: Use noirq suspend/resume callbacks\n (git-fixes).\n\n - platform/x86: asus_wmi: Reserve more space for struct\n bias_args (git-fixes).\n\n - platform/x86: hp-wmi: Convert simple_strtoul() to\n kstrtou32() (git-fixes).\n\n - platform/x86: intel-hid: Add a quirk to support HP\n Spectre X2 (2015) (git-fixes).\n\n - pNFS/flexfiles: Fix list corruption if the mirror count\n changes (git-fixes).\n\n - pppoe: only process PADT targeted at local interfaces\n (networking-stable-20_05_16).\n\n - proc: Use new_inode not new_inode_pseudo (bsc#1173830).\n\n - pwm: img: Call pm_runtime_put() in pm_runtime_get_sync()\n failed case (git-fixes).\n\n - RDMA/core: Check that type_attrs is not NULL prior\n access (jsc#SLE-8449).\n\n - regualtor: pfuze100: correct sw1a/sw2 on pfuze3000\n (git-fixes).\n\n - remoteproc: qcom_q6v5_mss: map/unmap mpss segments\n before/after use (git-fixes).\n\n - Revert commit e918e570415c ('tpm_tis: Remove the HID\n IFX0102') (git-fixes).\n\n - Revert 'i2c: tegra: Fix suspending in active runtime PM\n state' (git-fixes).\n\n - Revert 'ipv6: add mtu lock check in\n __ip6_rt_update_pmtu' (networking-stable-20_05_16).\n\n - ring-buffer: Zero out time extend if it is nested and\n not absolute (git-fixes).\n\n - sata_rcar: handle pm_runtime_get_sync failure cases\n (git-fixes).\n\n - sch_choke: avoid potential panic in choke_reset()\n (networking-stable-20_05_12).\n\n - sched: Fix loadavg accounting race (bnc#1155798 (CPU\n scheduler functional and performance backports)).\n\n - sched: Fix race against ptrace_freeze_trace()\n (bsc#1174345).\n\n - sch_sfq: validate silly quantum values\n (networking-stable-20_05_12).\n\n - scsi: lpfc: Add an internal trace log buffer\n (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Add blk_io_poll support for latency\n improvment (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Add support to display if adapter dumps are\n available (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Allow applications to issue Common Set\n Features mailbox command (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix inconsistent indenting (bsc#1172687\n bsc#1171530).\n\n - scsi: lpfc: Fix interrupt assignments when multiple\n vectors are supported on same CPU (bsc#1172687\n bsc#1171530).\n\n - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687\n bsc#1171530).\n\n - scsi: lpfc: Fix language in 0373 message to reflect\n non-error message (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix less-than-zero comparison of unsigned\n value (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix missing MDS functionality (bsc#1172687\n bsc#1171530).\n\n - scsi: lpfc: Fix NVMe rport deregister and registration\n during ADISC (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix oops due to overrun when reading SLI3\n data (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix shost refcount mismatch when deleting\n vport (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix stack trace seen while setting rrq\n active (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Fix unused assignment in\n lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687\n bsc#1171530).\n\n - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP\n request (bsc#1158983).\n\n - sctp: Do not add the shutdown timer if its already been\n added (networking-stable-20_05_27).\n\n - sctp: Start shutdown on association restart if in\n SHUTDOWN-SENT state and socket is closed\n (networking-stable-20_05_27).\n\n - selftests/bpf: Make sure optvals > PAGE_SIZE are\n bypassed (bsc#1155518).\n\n - signal: Avoid corrupting si_pid and si_uid in\n do_notify_parent (bsc#1171529).\n\n - slimbus: ngd: get drvdata from correct device\n (git-fixes).\n\n - socionext: account for napi_gro_receive never returning\n GRO_DROP (bsc#1154353).\n\n - spi: dw: Enable interrupts in accordance with DMA xfer\n mode (git-fixes).\n\n - spi: dw: Fix Rx-only DMA transfers (git-fixes).\n\n - spi: dw: Return any value retrieved from the\n dma_transfer callback (git-fixes).\n\n - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes).\n\n - spi: sprd: switch the sequence of setting WDG_LOAD_LOW\n and _HIGH (git-fixes).\n\n - Staging: rtl8723bs: prevent buffer overflow in\n update_sta_support_rate() (git-fixes).\n\n - sunrpc: fixed rollback in rpc_gssd_dummy_populate()\n (git-fixes).\n\n - SUNRPC: Properly set the @subbuf parameter of\n xdr_buf_subsegment() (git-fixes).\n\n - tcp: fix error recovery in tcp_zerocopy_receive()\n (networking-stable-20_05_16).\n\n - tcp: fix SO_RCVLOWAT hangs with fat skbs\n (networking-stable-20_05_16).\n\n - tg3: driver sleeps indefinitely when EEH errors exceed\n eeh_max_freezes (bsc#1173284).\n\n - thermal/drivers/mediatek: Fix bank number settings on\n mt8183 (git-fixes).\n\n - thermal/drivers/rcar_gen3: Fix undefined temperature if\n negative (git-fixes).\n\n - thermal/drivers/ti-soc-thermal: Avoid dereferencing\n ERR_PTR (git-fixes).\n\n - tipc: block BH before using dst_cache\n (networking-stable-20_05_27).\n\n - tipc: fix partial topology connection closure\n (networking-stable-20_05_12).\n\n - tpm: Fix TIS locality timeout problems (git-fixes).\n\n - tpm_tis: Remove the HID IFX0102 (git-fixes).\n\n - tracing: Fix event trigger to accept redundant spaces\n (git-fixes).\n\n - tunnel: Propagate ECT(1) when decapsulating as\n recommended by RFC6040 (networking-stable-20_05_12).\n\n - ubifs: fix wrong use of crypto_shash_descsize()\n (bsc#1173827).\n\n - ubifs: remove broken lazytime support (bsc#1173826).\n\n - Update patch reference tag for ACPI lockdown fix\n (bsc#1173573)\n\n - usb: add USB_QUIRK_DELAY_INIT for Logitech C922\n (git-fixes).\n\n - usb/ehci-platform: Set PM runtime as active on resume\n (git-fixes).\n\n - USB: ehci: reopen solution for Synopsys HC bug\n (git-fixes).\n\n - usb: gadget: udc: Potential Oops in error handling code\n (git-fixes).\n\n - usb: host: ehci-exynos: Fix error check in\n exynos_ehci_probe() (git-fixes).\n\n - usb: host: ehci-platform: add a quirk to avoid stuck\n (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing\n hcd (git-fixes).\n\n - usblp: poison URBs upon disconnect (git-fixes).\n\n - usb/ohci-platform: Fix a warning when hibernating\n (git-fixes).\n\n - USB: ohci-sm501: Add missed iounmap() in remove\n (git-fixes).\n\n - usb: renesas_usbhs: getting residue from callback_result\n (git-fixes).\n\n - USB: serial: ch341: add basis for quirk detection\n (git-fixes).\n\n - usb: typec: tcpci_rt1711h: avoid screaming irq causing\n boot hangs (git-fixes).\n\n - usb/xhci-plat: Set PM runtime as active on resume\n (git-fixes).\n\n - video: vt8500lcdfb: fix fallthrough warning\n (bsc#1152489)\n\n - virtio_net: fix lockdep warning on 32 bit\n (networking-stable-20_05_16).\n\n - watchdog: da9062: No need to ping manually before\n setting timeout (git-fixes).\n\n - wil6210: account for napi_gro_receive never returning\n GRO_DROP (bsc#1154353).\n\n - wil6210: add wil_netif_rx() helper function\n (bsc#1154353).\n\n - wil6210: use after free in wil_netif_rx_any()\n (bsc#1154353).\n\n - x86/amd_nb: Add AMD family 17h model 60h PCI IDs\n (git-fixes).\n\n - xhci: Fix enumeration issue when setting max packet size\n for FS devices (git-fixes).\n\n - xhci: Fix incorrect EP_STATE_MASK (git-fixes).\n\n - xhci: Poll for U0 after disabling USB2 LPM (git-fixes).\n\n - xhci: Return if xHCI does not support LPM (git-fixes).\n\n - xprtrdma: Fix handling of RDMA_ERROR replies\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1162702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174345\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.33.1.lp152.8.4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.33.1.lp152.8.4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-vanilla-5.3.18-lp152.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.33.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:47:38", "description": "This update corrects a regression in some Xen virtual machine environments. For reference the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.\n\nCVE-2019-9445\n\nA potential out-of-bounds read was discovered in the F2FS implementation. A user permitted to mount and access arbitrary filesystems could potentially use this to cause a denial of service (crash) or to read sensitive information.\n\nCVE-2019-19073, CVE-2019-19074\n\nNavid Emamdoost discovered potential memory leaks in the ath9k and ath9k_htc drivers. The security impact of these is unclear.\n\nCVE-2019-19448\n\n'Team bobfuzzer' reported a bug in Btrfs that could lead to a use-after-free, and could be triggered by crafted filesystem images. A user permitted to mount and access arbitrary filesystems could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-12351\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation in the way L2CAP packets with A2MP CID are handled. A remote attacker within a short distance, knowing the victim's Bluetooth device address, can send a malicious l2cap packet and cause a denial of service or possibly arbitrary code execution with kernel privileges.\n\nCVE-2020-12352\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation. Stack memory is not properly initialised when handling certain AMP packets.\nA remote attacker within a short distance, knowing the victim's Bluetooth device address address, can retrieve kernel stack information.\n\nCVE-2020-12655\n\nZheng Bin reported that crafted XFS volumes could trigger a system hang. An attacker able to mount such a volume could use this to cause a denial of service.\n\nCVE-2020-12771\n\nZhiqiang Liu reported a bug in the bcache block driver that could lead to a system hang. The security impact of this is unclear.\n\nCVE-2020-12888\n\nIt was discovered that the PCIe Virtual Function I/O (vfio-pci) driver allowed users to disable a device's memory space while it was still mapped into a process. On some hardware platforms, local users or guest virtual machines permitted to access PCIe Virtual Functions could use this to cause a denial of service (hardware error and crash).\n\nCVE-2020-14305\n\nVasily Averin of Virtuozzo discovered a potential heap buffer overflow in the netfilter nf_contrack_h323 module. When this module is used to perform connection tracking for TCP/IPv6, a remote attacker could use this to cause a denial of service (crash or memory corruption) or possibly for remote code execution with kernel privilege.\n\nCVE-2020-14314\n\nA bug was discovered in the ext4 filesystem that could lead to an out-of-bound read. A local user permitted to mount and access arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2020-14331\n\nA bug was discovered in the VGA console driver's soft-scrollback feature that could lead to a heap buffer overflow. On a system with a custom kernel that has CONFIG_VGACON_SOFT_SCROLLBACK enabled, a local user with access to a console could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-14356, CVE-2020-25220\n\nA bug was discovered in the cgroup subsystem's handling of socket references to cgroups. In some cgroup configurations, this could lead to a use-after-free. A local user might be able to use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nThe original fix for this bug introudced a new security issue, which is also addressed in this update.\n\nCVE-2020-14386\n\nOr Cohen discovered a bug in the packet socket (AF_PACKET) implementation which could lead to a heap buffer overflow. A local user with the CAP_NET_RAW capability (in any user namespace) could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-14390\n\nMinh Yuan discovered a bug in the framebuffer console driver's scrollback feature that could lead to a heap buffer overflow. On a system using framebuffer consoles, a local user with access to a console could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nThe scrollback feature has been disabled for now, as no other fix was available for this issue.\n\nCVE-2020-15393\n\nKyungtae Kim reported a memory leak in the usbtest driver. The security impact of this is unclear.\n\nCVE-2020-16166\n\nAmit Klein reported that the random number generator used by the network stack might not be re-seeded for long periods of time, making e.g. client port number allocations more predictable. This made it easier for remote attackers to carry out some network- based attacks such as DNS cache poisoning or device tracking.\n\nCVE-2020-24490\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation that can lead to a heap buffer overflow. On systems with a Bluetooth 5 hardware interface, a remote attacker within a short distance can use this to cause a denial of service (crash or memory corruption) or possibly for remote code execution with kernel privilege.\n\nCVE-2020-25211\n\nA flaw was discovered in netfilter subsystem. A local attacker able to inject conntrack Netlink configuration can cause a denial of service.\n\nCVE-2020-25212\n\nA bug was discovered in the NFSv4 client implementation that could lead to a heap buffer overflow. A malicious NFS server could use this to cause a denial of service (crash or memory corruption) or possibly to execute arbitrary code on the client.\n\nCVE-2020-25284\n\nIt was discovered that the Rados block device (rbd) driver allowed tasks running as uid 0 to add and remove rbd devices, even if they dropped capabilities. On a system with the rbd driver loaded, this might allow privilege escalation from a container with a task running as root.\n\nCVE-2020-25285\n\nA race condition was discovered in the hugetlb filesystem's sysctl handlers, that could lead to stack corruption. A local user permitted to write to hugepages sysctls could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. By default only the root user can do this.\n\nCVE-2020-25641\n\nThe syzbot tool found a bug in the block layer that could lead to an infinite loop. A local user with access to a raw block device could use this to cause a denial of service (unbounded CPU use and possible system hang).\n\nCVE-2020-25643\n\nChenNan Of Chaitin Security Research Lab discovered a flaw in the hdlc_ppp module. Improper input validation in the ppp_cp_parse_cr() function may lead to memory corruption and information disclosure.\n\nCVE-2020-26088\n\nIt was discovered that the NFC (Near Field Communication) socket implementation allowed any user to create raw sockets. On a system with an NFC interface, this allowed local users to evade local network security policy.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.240-1. This update additionally includes many more bug fixes from stable updates 4.9.229-4.9.240 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Debian DLA-2420-2 : linux regression update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19448", "CVE-2019-9445", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-12655", "CVE-2020-12771", "CVE-2020-12888", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14356", "CVE-2020-14386", "CVE-2020-14390", "CVE-2020-15393", "CVE-2020-16166", "CVE-2020-24490", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25220", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-26088"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2420.NASL", "href": "https://www.tenable.com/plugins/nessus/142176", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2420-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142176);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19448\", \"CVE-2019-9445\", \"CVE-2020-12351\", \"CVE-2020-12352\", \"CVE-2020-12655\", \"CVE-2020-12771\", \"CVE-2020-12888\", \"CVE-2020-14305\", \"CVE-2020-14314\", \"CVE-2020-14331\", \"CVE-2020-14356\", \"CVE-2020-14386\", \"CVE-2020-14390\", \"CVE-2020-15393\", \"CVE-2020-16166\", \"CVE-2020-24490\", \"CVE-2020-25211\", \"CVE-2020-25212\", \"CVE-2020-25220\", \"CVE-2020-25284\", \"CVE-2020-25285\", \"CVE-2020-25641\", \"CVE-2020-25643\", \"CVE-2020-26088\");\n\n script_name(english:\"Debian DLA-2420-2 : linux regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update corrects a regression in some Xen virtual machine\nenvironments. For reference the original advisory text follows.\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2019-9445\n\nA potential out-of-bounds read was discovered in the F2FS\nimplementation. A user permitted to mount and access arbitrary\nfilesystems could potentially use this to cause a denial of service\n(crash) or to read sensitive information.\n\nCVE-2019-19073, CVE-2019-19074\n\nNavid Emamdoost discovered potential memory leaks in the ath9k and\nath9k_htc drivers. The security impact of these is unclear.\n\nCVE-2019-19448\n\n'Team bobfuzzer' reported a bug in Btrfs that could lead to a\nuse-after-free, and could be triggered by crafted filesystem images. A\nuser permitted to mount and access arbitrary filesystems could use\nthis to cause a denial of service (crash or memory corruption) or\npossibly for privilege escalation.\n\nCVE-2020-12351\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation in the\nway L2CAP packets with A2MP CID are handled. A remote attacker within\na short distance, knowing the victim's Bluetooth device address, can\nsend a malicious l2cap packet and cause a denial of service or\npossibly arbitrary code execution with kernel privileges.\n\nCVE-2020-12352\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation. Stack\nmemory is not properly initialised when handling certain AMP packets.\nA remote attacker within a short distance, knowing the victim's\nBluetooth device address address, can retrieve kernel stack\ninformation.\n\nCVE-2020-12655\n\nZheng Bin reported that crafted XFS volumes could trigger a system\nhang. An attacker able to mount such a volume could use this to cause\na denial of service.\n\nCVE-2020-12771\n\nZhiqiang Liu reported a bug in the bcache block driver that could lead\nto a system hang. The security impact of this is unclear.\n\nCVE-2020-12888\n\nIt was discovered that the PCIe Virtual Function I/O (vfio-pci) driver\nallowed users to disable a device's memory space while it was still\nmapped into a process. On some hardware platforms, local users or\nguest virtual machines permitted to access PCIe Virtual Functions\ncould use this to cause a denial of service (hardware error and\ncrash).\n\nCVE-2020-14305\n\nVasily Averin of Virtuozzo discovered a potential heap buffer overflow\nin the netfilter nf_contrack_h323 module. When this module is used to\nperform connection tracking for TCP/IPv6, a remote attacker could use\nthis to cause a denial of service (crash or memory corruption) or\npossibly for remote code execution with kernel privilege.\n\nCVE-2020-14314\n\nA bug was discovered in the ext4 filesystem that could lead to an\nout-of-bound read. A local user permitted to mount and access\narbitrary filesystem images could use this to cause a denial of\nservice (crash).\n\nCVE-2020-14331\n\nA bug was discovered in the VGA console driver's soft-scrollback\nfeature that could lead to a heap buffer overflow. On a system with a\ncustom kernel that has CONFIG_VGACON_SOFT_SCROLLBACK enabled, a local\nuser with access to a console could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nCVE-2020-14356, CVE-2020-25220\n\nA bug was discovered in the cgroup subsystem's handling of socket\nreferences to cgroups. In some cgroup configurations, this could lead\nto a use-after-free. A local user might be able to use this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nThe original fix for this bug introudced a new security\nissue, which is also addressed in this update.\n\nCVE-2020-14386\n\nOr Cohen discovered a bug in the packet socket (AF_PACKET)\nimplementation which could lead to a heap buffer overflow. A local\nuser with the CAP_NET_RAW capability (in any user namespace) could use\nthis to cause a denial of service (crash or memory corruption) or\npossibly for privilege escalation.\n\nCVE-2020-14390\n\nMinh Yuan discovered a bug in the framebuffer console driver's\nscrollback feature that could lead to a heap buffer overflow. On a\nsystem using framebuffer consoles, a local user with access to a\nconsole could use this to cause a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nThe scrollback feature has been disabled for now, as no\nother fix was available for this issue.\n\nCVE-2020-15393\n\nKyungtae Kim reported a memory leak in the usbtest driver. The\nsecurity impact of this is unclear.\n\nCVE-2020-16166\n\nAmit Klein reported that the random number generator used by the\nnetwork stack might not be re-seeded for long periods of time, making\ne.g. client port number allocations more predictable. This made it\neasier for remote attackers to carry out some network- based attacks\nsuch as DNS cache poisoning or device tracking.\n\nCVE-2020-24490\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation that can\nlead to a heap buffer overflow. On systems with a Bluetooth 5 hardware\ninterface, a remote attacker within a short distance can use this to\ncause a denial of service (crash or memory corruption) or possibly for\nremote code execution with kernel privilege.\n\nCVE-2020-25211\n\nA flaw was discovered in netfilter subsystem. A local attacker able to\ninject conntrack Netlink configuration can cause a denial of service.\n\nCVE-2020-25212\n\nA bug was discovered in the NFSv4 client implementation that could\nlead to a heap buffer overflow. A malicious NFS server could use this\nto cause a denial of service (crash or memory corruption) or possibly\nto execute arbitrary code on the client.\n\nCVE-2020-25284\n\nIt was discovered that the Rados block device (rbd) driver allowed\ntasks running as uid 0 to add and remove rbd devices, even if they\ndropped capabilities. On a system with the rbd driver loaded, this\nmight allow privilege escalation from a container with a task running\nas root.\n\nCVE-2020-25285\n\nA race condition was discovered in the hugetlb filesystem's sysctl\nhandlers, that could lead to stack corruption. A local user permitted\nto write to hugepages sysctls could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation. By default only the root user can do this.\n\nCVE-2020-25641\n\nThe syzbot tool found a bug in the block layer that could lead to an\ninfinite loop. A local user with access to a raw block device could\nuse this to cause a denial of service (unbounded CPU use and possible\nsystem hang).\n\nCVE-2020-25643\n\nChenNan Of Chaitin Security Research Lab discovered a flaw in the\nhdlc_ppp module. Improper input validation in the ppp_cp_parse_cr()\nfunction may lead to memory corruption and information disclosure.\n\nCVE-2020-26088\n\nIt was discovered that the NFC (Near Field Communication) socket\nimplementation allowed any user to create raw sockets. On a system\nwith an NFC interface, this allowed local users to evade local network\nsecurity policy.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.240-1. This update additionally includes many more bug fixes from\nstable updates 4.9.229-4.9.240 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14305\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.240-2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.240-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:45", "description": "The v4.16.8 update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : kernel (2018-ac3b4c7605)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10322", "CVE-2018-10323"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-AC3B4C7605.NASL", "href": "https://www.tenable.com/plugins/nessus/120700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-ac3b4c7605.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120700);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-10322\", \"CVE-2018-10323\");\n script_xref(name:\"FEDORA\", value:\"2018-ac3b4c7605\");\n\n script_name(english:\"Fedora 28 : kernel (2018-ac3b4c7605)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The v4.16.8 update contains important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ac3b4c7605\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10322\", \"CVE-2018-10323\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-ac3b4c7605\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"kernel-4.16.8-300.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:39:58", "description": "The 4.15.9 update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-19T00:00:00", "type": "nessus", "title": "Fedora 27 : kernel (2018-cf76003e1f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7995", "CVE-2018-8043"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-CF76003E1F.NASL", "href": "https://www.tenable.com/plugins/nessus/108428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-cf76003e1f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108428);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7995\", \"CVE-2018-8043\");\n script_xref(name:\"FEDORA\", value:\"2018-cf76003e1f\");\n\n script_name(english:\"Fedora 27 : kernel (2018-cf76003e1f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.15.9 update contains a number of important fixes across the\ntree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-cf76003e1f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-7995\", \"CVE-2018-8043\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-cf76003e1f\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.15.9-300.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:39:57", "description": "The 4.15.9 update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-19T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2018-bf60ec1389)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7995", "CVE-2018-8043"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-BF60EC1389.NASL", "href": "https://www.tenable.com/plugins/nessus/108427", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-bf60ec1389.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108427);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7995\", \"CVE-2018-8043\");\n script_xref(name:\"FEDORA\", value:\"2018-bf60ec1389\");\n\n script_name(english:\"Fedora 26 : kernel (2018-bf60ec1389)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.15.9 update contains a number of important fixes across the\ntree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-bf60ec1389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-7995\", \"CVE-2018-8043\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-bf60ec1389\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.15.9-200.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:06:19", "description": "The 5.6.13 stable kernel update contains a number of important fixes across the tree\n\n----\n\nThe 5.6.12 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-20T00:00:00", "type": "nessus", "title": "Fedora 30 : kernel (2020-5a69decc0c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10711", "CVE-2020-12655", "CVE-2020-12770"], "modified": "2020-05-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-5A69DECC0C.NASL", "href": "https://www.tenable.com/plugins/nessus/136722", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-5a69decc0c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136722);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2020-10711\", \"CVE-2020-12655\", \"CVE-2020-12770\");\n script_xref(name:\"FEDORA\", value:\"2020-5a69decc0c\");\n\n script_name(english:\"Fedora 30 : kernel (2020-5a69decc0c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The 5.6.13 stable kernel update contains a number of important fixes\nacross the tree\n\n----\n\nThe 5.6.12 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-5a69decc0c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12770\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-10711\", \"CVE-2020-12655\", \"CVE-2020-12770\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2020-5a69decc0c\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kernel-5.6.13-100.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:00", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - uek-rpm: Add OL6 shim conflict for new signing key (Eric Snowberg) [Orabug: 31688239] - Revert 'certs: Add Oracle's new X509 cert into the kernel keyring' (Eric Snowberg) [Orabug: 31688223] - blk-mq: don't overwrite rq->mq_ctx (Jens Axboe) [Orabug: 31457304] - blk-mq:\n mark ctx as pending at batch in flush plug path (Ming Lei) [Orabug: 31457304]\n\n - scsi: qla2xxx: Fix stuck session in GNL (Quinn Tran) [Orabug: 31561461] - scsi: qla2xxx: Serialize session free in qlt_free_session_done (Quinn Tran) [Orabug:\n 31561461] - scsi: qla2xxx: v2: Change abort wait_loop from msleep to wait_event_timeout (Giridhar Malavali) [Orabug: 26932683] - scsi: qla2xxx: v2: Move ABTS code behind qpair (Quinn Tran) [Orabug: 31517449] - ocfs2:\n change slot number type s16 to u16 (Junxiao Bi) [Orabug:\n 31027042] - ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31027042] - ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug:\n 31027042] - ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31027042] - block_dev: don't test bdev->bd_contains when it is not stable (NeilBrown) [Orabug: 31554143] - KVM: x86: Remove spurious semicolon (Joao Martins) [Orabug: 31584727]\n\n - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351672] (CVE-2019-19054)\n\n - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439671] (CVE-2020-12888) (CVE-2020-12888)\n\n - vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - mm: bring in additional flag for fixup_user_fault to signal unlock (Dominik Dingel) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn (Sean Christopherson) [Orabug: 31439671] (CVE-2020-12888)\n\n - x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31514993] - x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31514993] - x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug:\n 31514993] - Revert 'x86/efi: Request desired alignment via the PE/COFF headers' (Matt Fleming) [Orabug:\n 31602576]\n\n - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (Richard Palethorpe) [Orabug: 31516085] (CVE-2020-14416)\n\n - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout [Orabug: 31530589] - scsi: qla2xxx: Fix NULL pointer access for fcport structure (Quinn Tran) [Orabug:\n 31530589]", "cvss3": {}, "published": "2020-08-10T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19054", "CVE-2020-12888", "CVE-2020-14416"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0032.NASL", "href": "https://www.tenable.com/plugins/nessus/139442", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0032.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139442);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2019-19054\", \"CVE-2020-12888\", \"CVE-2020-14416\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0032)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - uek-rpm: Add OL6 shim conflict for new signing key (Eric\n Snowberg) [Orabug: 31688239] - Revert 'certs: Add\n Oracle's new X509 cert into the kernel keyring' (Eric\n Snowberg) [Orabug: 31688223] - blk-mq: don't overwrite\n rq->mq_ctx (Jens Axboe) [Orabug: 31457304] - blk-mq:\n mark ctx as pending at batch in flush plug path (Ming\n Lei) [Orabug: 31457304]\n\n - scsi: qla2xxx: Fix stuck session in GNL (Quinn Tran)\n [Orabug: 31561461] - scsi: qla2xxx: Serialize session\n free in qlt_free_session_done (Quinn Tran) [Orabug:\n 31561461] - scsi: qla2xxx: v2: Change abort wait_loop\n from msleep to wait_event_timeout (Giridhar Malavali)\n [Orabug: 26932683] - scsi: qla2xxx: v2: Move ABTS code\n behind qpair (Quinn Tran) [Orabug: 31517449] - ocfs2:\n change slot number type s16 to u16 (Junxiao Bi) [Orabug:\n 31027042] - ocfs2: fix value of OCFS2_INVALID_SLOT\n (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix panic on\n nfs server over ocfs2 (Junxiao Bi) [Orabug: 31027042] -\n ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug:\n 31027042] - ocfs2: avoid inode removal while nfsd is\n accessing it (Junxiao Bi) [Orabug: 31027042] -\n block_dev: don't test bdev->bd_contains when it is not\n stable (NeilBrown) [Orabug: 31554143] - KVM: x86: Remove\n spurious semicolon (Joao Martins) [Orabug: 31584727]\n\n - media: rc: prevent memory leak in cx23888_ir_probe\n (Navid Emamdoost) [Orabug: 31351672] (CVE-2019-19054)\n\n - vfio/pci: Fix SR-IOV VF handling with MMIO blocking\n (Alex Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio/pci: Mask buggy SR-IOV VF INTx support (Alex\n Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio-pci: Invalidate mmaps and block MMIO access on\n disabled memory (Alex Williamson) [Orabug: 31439671]\n (CVE-2020-12888) (CVE-2020-12888)\n\n - vfio/pci: Pull BAR mapping setup from read-write path\n (Alex Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio_pci: Enable memory accesses before calling\n pci_map_rom (Eric Auger) [Orabug: 31439671]\n (CVE-2020-12888)\n\n - vfio-pci: Fault mmaps to enable vma tracking (Alex\n Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - vfio/type1: Support faulting PFNMAP vmas (Alex\n Williamson) [Orabug: 31439671] (CVE-2020-12888)\n\n - mm: bring in additional flag for fixup_user_fault to\n signal unlock (Dominik Dingel) [Orabug: 31439671]\n (CVE-2020-12888)\n\n - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in\n vaddr_get_pfn (Sean Christopherson) [Orabug: 31439671]\n (CVE-2020-12888)\n\n - x86/mitigations: reset default value for\n srbds_mitigation (Mihai Carabas) [Orabug: 31514993] -\n x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai\n Carabas) [Orabug: 31514993] - x86/mitigations: update\n MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug:\n 31514993] - Revert 'x86/efi: Request desired alignment\n via the PE/COFF headers' (Matt Fleming) [Orabug:\n 31602576]\n\n - can, slip: Protect tty->disc_data in write_wakeup and\n close with RCU (Richard Palethorpe) [Orabug: 31516085]\n (CVE-2020-14416)\n\n - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout\n [Orabug: 31530589] - scsi: qla2xxx: Fix NULL pointer\n access for fcport structure (Quinn Tran) [Orabug:\n 31530589]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2020-August/000992.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ccf50329\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14416\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.41.4.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.41.4.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:32", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.(CVE-2020-16166)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.(CVE-2020-12888)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.(CVE-2020-15393)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2250)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12888", "CVE-2020-15393", "CVE-2020-16166"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2250.NASL", "href": "https://www.tenable.com/plugins/nessus/142073", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142073);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12888\",\n \"CVE-2020-15393\",\n \"CVE-2020-16166\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2250)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The Linux kernel through 5.7.11 allows remote attackers\n to make observations that help to obtain sensitive\n information about the internal state of the network\n RNG, aka CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and\n kernel/time/timer.c.(CVE-2020-16166)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13\n mishandles attempts to access disabled memory\n space.(CVE-2020-12888)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect\n in drivers/usb/misc/usbtest.c has a memory leak, aka\n CID-28ebeb8db770.(CVE-2020-15393)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2250\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dc35e9ce\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16166\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h470.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h470.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h470.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h470.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h470.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h470.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h470.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:22:19", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3545 advisory.\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c (CVE-2019-19046)\n\n - kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-26T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2020:3545)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19046", "CVE-2020-10769", "CVE-2020-12655"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2020-3545.NASL", "href": "https://www.tenable.com/plugins/nessus/139809", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3545. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139809);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2019-19046\", \"CVE-2020-10769\", \"CVE-2020-12655\");\n script_xref(name:\"RHSA\", value:\"2020:3545\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2020:3545)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3545 advisory.\n\n - kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c\n (CVE-2019-19046)\n\n - kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not\n aligned. (CVE-2020-10769)\n\n - kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1708775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1774988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1832543\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19046\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 400, 401, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19046', 'CVE-2020-10769', 'CVE-2020-12655');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:3545');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.14.0-115.29.1.el7a', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.0-115.29.1.el7a', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:34", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5801 advisory.\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. (CVE-2020-14416)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5801)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19054", "CVE-2020-12888", "CVE-2020-14416"], "modified": "2022-05-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5801.NASL", "href": "https://www.tenable.com/plugins/nessus/139398", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5801.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139398);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2019-19054\", \"CVE-2020-12888\", \"CVE-2020-14416\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5801)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5801 advisory.\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line\n discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and\n drivers/net/can/slcan.c. (CVE-2020-14416)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5801.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14416\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12888\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.41.4.el6uek', '4.1.12-124.41.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5801');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.41.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.41.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.41.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.41.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.41.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.41.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.41.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.41.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.41.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.41.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.41.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.41.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-30T16:11:23", "description": "The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-79cbbefebe advisory.\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-14T00:00:00", "type": "nessus", "title": "Fedora 35 : kernel (2021-79cbbefebe)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2021-3744", "CVE-2021-41864"], "modified": "2023-11-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2021-79CBBEFEBE.NASL", "href": "https://www.tenable.com/plugins/nessus/154140", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-79cbbefebe\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154140);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\"CVE-2021-3744\", \"CVE-2021-41864\");\n script_xref(name:\"FEDORA\", value:\"2021-79cbbefebe\");\n\n script_name(english:\"Fedora 35 : kernel (2021-79cbbefebe)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-79cbbefebe advisory.\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-79cbbefebe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41864\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2021-3744', 'CVE-2021-41864');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-79cbbefebe');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-5.14.10-300.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:43:44", "description": "Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service :\n\nAn error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS.\n(CVE-2018-5803)\n\nMishandling mutex within libsas allowing local Denial of Service\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232)\n\nA flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted.(CVE-2018-1066)", "cvss3": {}, "published": "2018-04-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2018-993)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232", "CVE-2018-1066", "CVE-2018-5803"], "modified": "2018-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-993.NASL", "href": "https://www.tenable.com/plugins/nessus/109183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-993.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109183);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/05/11 12:23:25\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2018-1066\", \"CVE-2018-5803\");\n script_xref(name:\"ALAS\", value:\"2018-993\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2018-993)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Missing length check of payload in\nnet/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of\nservice :\n\nAn error in the '_sctp_make_chunk()' function\n(net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be\nexploited by a malicious local user to cause a kernel crash and a DoS.\n(CVE-2018-5803)\n\nMishandling mutex within libsas allowing local Denial of Service\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel\nmishandles a mutex within libsas. This allows local users to cause a\ndenial of service (deadlock) by triggering certain error-handling\ncode. (CVE-2017-18232)\n\nA flaw was found in the Linux kernel's client-side implementation of\nthe cifs protocol. This flaw allows an attacker controlling the server\nto kernel panic a client which has the CIFS server\nmounted.(CVE-2018-1066)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-993.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.93-41.60.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:06:19", "description": "The 5.6.13 stable kernel update contains a number of important fixes across the tree\n\n----\n\nThe 5.6.12 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-20T00:00:00", "type": "nessus", "title": "Fedora 31 : kernel (2020-c6b9fff7f8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10711", "CVE-2020-12655", "CVE-2020-12770"], "modified": "2020-05-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-C6B9FFF7F8.NASL", "href": "https://www.tenable.com/plugins/nessus/136725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-c6b9fff7f8.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136725);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2020-10711\", \"CVE-2020-12655\", \"CVE-2020-12770\");\n script_xref(name:\"FEDORA\", value:\"2020-c6b9fff7f8\");\n\n script_name(english:\"Fedora 31 : kernel (2020-c6b9fff7f8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The 5.6.13 stable kernel update contains a number of important fixes\nacross the tree\n\n----\n\nThe 5.6.12 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-c6b9fff7f8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12770\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2020-10711\", \"CVE-2020-12655\", \"CVE-2020-12770\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2020-c6b9fff7f8\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"kernel-5.6.13-200.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:07:04", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932(CVE-2020-0009)\n\n - A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.(CVE-2020-10757)\n\n - go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.(CVE-2019-20810)\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9445)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751)\n\n - An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.(CVE-2019-20812)\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.(CVE-2020-13974)\n\n - An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.(CVE-2019-20811)\n\n - A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10768)\n\n - A flaw was found in the Linux kernel's implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10767)\n\n - A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10766)\n\n - A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both.(CVE-2020-0543)\n\n - In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.(CVE-2020-14416)\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.(CVE-2019-18282)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.(CVE-2020-12888)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.(CVE-2020-15393)\n\n - A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.(CVE-2020-10781)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18282", "CVE-2019-20810", "CVE-2019-20811", "CVE-2019-20812", "CVE-2019-9445", "CVE-2020-0009", "CVE-2020-0543", "CVE-2020-10751", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-10781", "CVE-2020-12888", "CVE-2020-13974", "CVE-2020-14416", "CVE-2020-15393"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1892.NASL", "href": "https://www.tenable.com/plugins/nessus/139995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139995);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-18282\",\n \"CVE-2019-20810\",\n \"CVE-2019-20811\",\n \"CVE-2019-20812\",\n \"CVE-2019-9445\",\n \"CVE-2020-0009\",\n \"CVE-2020-0543\",\n \"CVE-2020-10751\",\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-10781\",\n \"CVE-2020-12888\",\n \"CVE-2020-13974\",\n \"CVE-2020-14416\",\n \"CVE-2020-15393\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In calc_vm_may_flags of ashmem.c, there is a possible\n arbitrary write to shared memory due to a permissions\n bypass. This could lead to local escalation of\n privilege by corrupting memory shared between\n processes, with no additional execution privileges\n needed. User interaction is not needed for\n exploitation. Product: Android Versions: Android kernel\n Android ID: A-142938932(CVE-2020-0009)\n\n - A flaw was found in the Linux Kernel in versions after\n 4.5-rc1 in the way mremap handled DAX Huge Pages. This\n flaw allows a local attacker with access to a DAX\n enabled storage to escalate their privileges on the\n system.(CVE-2020-10757)\n\n - go7007_snd_init in\n drivers/media/usb/go7007/snd-go7007.c in the Linux\n kernel before 5.6 does not call snd_card_free for a\n failure path, which causes a memory leak, aka\n CID-9453264ef586.(CVE-2019-20810)\n\n - In the Android kernel in F2FS driver there is a\n possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure\n with system execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9445)\n\n - A flaw was found in the Linux kernels SELinux LSM hook\n implementation before version 5.7, where it incorrectly\n assumed that an skb would only contain a single netlink\n message. The hook would incorrectly only validate the\n first netlink message in the skb and allow or deny the\n rest of the messages within the skb with the granted\n permission without further processing.(CVE-2020-10751)\n\n - An issue was discovered in the Linux kernel before\n 5.4.7. The prb_calc_retire_blk_tmo() function in\n net/packet/af_packet.c can result in a denial of\n service (CPU consumption and soft lockup) in a certain\n failure case involving TPACKET_V3, aka\n CID-b43d1f9f7067.(CVE-2019-20812)\n\n - ** DISPUTED ** An issue was discovered in the Linux\n kernel through 5.7.1. drivers/tty/vt/keyboard.c has an\n integer overflow if k_ascii is called several times in\n a row, aka CID-b86dab054059. NOTE: Members in the\n community argue that the integer overflow does not lead\n to a security issue in this case.(CVE-2020-13974)\n\n - An issue was discovered in the Linux kernel before\n 5.0.6. In rx_queue_add_kobject() and\n netdev_queue_add_kobject() in net/core/net-sysfs.c, a\n reference count is mishandled, aka\n CID-a3e23f719f5c.(CVE-2019-20811)\n\n - A flaw was found in the prctl() function, where it can\n be used to enable indirect branch speculation after it\n has been disabled. This call incorrectly reports it as\n being 'force disabled' when it is not and opens the\n system to Spectre v2 attacks. The highest threat from\n this vulnerability is to\n confidentiality.(CVE-2020-10768)\n\n - A flaw was found in the Linux kernel's implementation\n of the Enhanced IBPB (Indirect Branch Prediction\n Barrier). The IBPB mitigation will be disabled when\n STIBP is not available or when the Enhanced Indirect\n Branch Restricted Speculation (IBRS) is available. This\n flaw allows a local attacker to perform a Spectre V2\n style attack when this configuration is active. The\n highest threat from this vulnerability is to\n confidentiality.(CVE-2020-10767)\n\n - A logic bug flaw was found in the Linux kernel's\n implementation of SSBD. A bug in the logic handling\n allows an attacker with a local account to disable SSBD\n protection during a context switch when additional\n speculative execution mitigations are in place. This\n issue was introduced when the per task/process\n conditional STIPB switching was added on top of the\n existing SSBD switching. The highest threat from this\n vulnerability is to confidentiality.(CVE-2020-10766)\n\n - A new domain bypass transient execution attack known as\n Special Register Buffer Data Sampling (SRBDS) has been\n found. This flaw allows data values from special\n internal registers to be leaked by an attacker able to\n execute code on any core of the CPU. An unprivileged,\n local attacker can use this flaw to infer values\n returned by affected instructions known to be commonly\n used during cryptographic operations that rely on\n uniqueness, secrecy, or both.(CVE-2020-0543)\n\n - In the Linux kernel before 5.4.16, a race condition in\n tty->disc_data handling in the slip and slcan line\n discipline could lead to a use-after-free, aka\n CID-0ace17d56824. This affects drivers/net/slip/slip.c\n and drivers/net/can/slcan.c.(CVE-2020-14416)\n\n - The flow_dissector feature in the Linux kernel 4.3\n through 5.x before 5.3.10 has a device tracking\n vulnerability, aka CID-55667441c84f. This occurs\n because the auto flowlabel of a UDP IPv6 packet relies\n on a 32-bit hashrnd value as a secret, and because\n jhash (instead of siphash) is used. The hashrnd value\n remains the same starting from boot time, and can be\n inferred by an attacker. This affects\n net/core/flow_dissector.c and related\n code.(CVE-2019-18282)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13\n mishandles attempts to access disabled memory\n space.(CVE-2020-12888)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect\n in drivers/usb/misc/usbtest.c has a memory leak, aka\n CID-28ebeb8db770.(CVE-2020-15393)\n\n - A flaw was found in the ZRAM kernel module, where a\n user with a local account and the ability to read the\n /sys/class/zram-control/hot_add file can create ZRAM\n device nodes in the /dev/ directory. This read\n allocates kernel memory and is not accounted for a user\n that triggers the creation of that ZRAM device. With\n this vulnerability, continually reading the device may\n consume a large amount of system memory and cause the\n Out-of-Memory (OOM) killer to activate and terminate\n random userspace processes, possibly making the system\n inoperable.(CVE-2020-10781)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1892\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?210b9b25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h799.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:54:59", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5528 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-01-31T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5528)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15917", "CVE-2019-19332", "CVE-2019-3016"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5528.NASL", "href": "https://www.tenable.com/plugins/nessus/133382", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5528.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133382);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-19332\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5528)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5528 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. (CVE-2019-15917)\n\n - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way\n the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID\n features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use\n this flaw to crash the system, resulting in a denial of service. (CVE-2019-19332)\n\n - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory\n locations from another process in the same guest. This problem is limit to the host running linux kernel\n 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel\n CPUs cannot be ruled out. (CVE-2019-3016)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5528.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15917\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.10.4.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5528');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.10.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.10.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.10.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.10.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.10.4.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.10.4.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.10.4.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:50", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4307 advisory.\n\n - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. (CVE-2018-1000004)\n\n - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). (CVE-2018-8043)\n\n - drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. (CVE-2018-18386)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-12-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4307)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000004", "CVE-2018-18386", "CVE-2018-8043"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4307.NASL", "href": "https://www.tenable.com/plugins/nessus/119639", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4307.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119639);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2018-8043\", \"CVE-2018-18386\", \"CVE-2018-1000004\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4307)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2018-4307 advisory.\n\n - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in\n the sound system, this can lead to a deadlock and denial of service condition. (CVE-2018-1000004)\n\n - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8\n does not validate certain resource availability, which allows local users to cause a denial of service\n (NULL pointer dereference). (CVE-2018-8043)\n\n - drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access\n pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus\n ICANON confusion in TIOCINQ. (CVE-2018-18386)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4307.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000004\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.23.2.el6uek', '4.1.12-124.23.2.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4307');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.23.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.23.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.23.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.23.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.23.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.23.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.23.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.23.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.23.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.23.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.23.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.23.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:42:42", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231).\n\n - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829).\n\n - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353).\n\nThe following non-security bugs were fixed :\n\n - acpica: Add header support for TPM2 table changes (bsc#1084452).\n\n - acpica: Add support for new SRAT subtable (bsc#1085981).\n\n - acpica: iasl: Update to IORT SMMUv3 disassembling (bsc#1085981).\n\n - acpi/IORT: numa: Add numa node mapping for smmuv3 devices (bsc#1085981).\n\n - acpi, numa: fix pxm to online numa node associations (bnc#1012382).\n\n - acpi / PMIC: xpower: Fix power_table addresses (bnc#1012382).\n\n - acpi/processor: Fix error handling in\n __acpi_processor_start() (bnc#1012382).\n\n - acpi/processor: Replace racy task affinity logic (bnc#1012382).\n\n - agp/intel: Flush all chipset writes after updating the GGTT (bnc#1012382).\n\n - ahci: Add pci-id for the Highpoint Rocketraid 644L card (bnc#1012382).\n\n - alsa: aloop: Fix access to not-yet-ready substream via cable (bnc#1012382).\n\n - alsa: aloop: Sync stale timer before release (bnc#1012382).\n\n - alsa: firewire-digi00x: handle all MIDI messages on streaming packets (bnc#1012382).\n\n - alsa: hda: Add a power_save blacklist (bnc#1012382).\n\n - alsa: hda: add dock and led support for HP EliteBook 820 G3 (bnc#1012382).\n\n - alsa: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012382).\n\n - alsa: hda/realtek - Always immediately update mute LED with pin VREF (bnc#1012382).\n\n - alsa: hda/realtek - Fix dock line-out volume on Dell Precision 7520 (bnc#1012382).\n\n - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717).\n\n - alsa: hda - Revert power_save option default value (git-fixes).\n\n - alsa: pcm: Fix UAF in snd_pcm_oss_get_formats() (bnc#1012382).\n\n - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382).\n\n - alsa: usb-audio: Fix parsing descriptor of UAC2 processing unit (bnc#1012382).\n\n - apparmor: Make path_max parameter readonly (bnc#1012382).\n\n - arm64: Add missing Falkor part number for branch predictor hardening (bsc#1068032).\n\n - arm64 / cpuidle: Use new cpuidle macro for entering retention state (bsc#1084328).\n\n - arm64: mm: do not write garbage into TTBR1_EL1 register (bsc#1085487).\n\n - arm: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER (bnc#1012382).\n\n - arm: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382).\n\n - arm: dts: Adjust moxart IRQ controller and flags (bnc#1012382).\n\n - arm: dts: am335x-pepper: Fix the audio CODEC's reset pin (bnc#1012382).\n\n - arm: dts: exynos: Correct Trats2 panel reset line (bnc#1012382).\n\n - arm: dts: koelsch: Correct clock frequency of X2 DU clock input (bnc#1012382).\n\n - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382).\n\n - arm: dts: omap3-n900: Fix the audio CODEC's reset pin (bnc#1012382).\n\n - arm: dts: r8a7790: Correct parent of SSI[0-9] clocks (bnc#1012382).\n\n - arm: dts: r8a7791: Correct parent of SSI[0-9] clocks (bnc#1012382).\n\n - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382).\n\n - asoc: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT (bnc#1012382).\n\n - ath10k: disallow DFS simulation if DFS channel is not enabled (bnc#1012382).\n\n - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382).\n\n - ath10k: update tdls teardown state to target (bnc#1012382).\n\n - ath: Fix updating radar flags for coutry code India (bnc#1012382).\n\n - batman-adv: handle race condition for claims between gateways (bnc#1012382).\n\n - bcache: do not attach backing with duplicate UUID (bnc#1012382).\n\n - blkcg: fix double free of new_blkg in blkcg_init_queue (bnc#1012382).\n\n - blk-throttle: make sure expire time isn't too big (bnc#1012382).\n\n - block: do not assign cmd_flags in __blk_rq_prep_clone (bsc#1088087).\n\n - block-mq: stop workqueue items in blk_mq_stop_hw_queue() (bsc#1084967).\n\n - bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bnc#1012382).\n\n - bluetooth: hci_qca: Avoid setup failure on missing rampatch (bnc#1012382).\n\n - bnx2x: Align RX buffers (bnc#1012382).\n\n - bonding: refine bond_fold_stats() wrap detection (bnc#1012382).\n\n - bpf: fix incorrect sign extension in check_alu_op() (bnc#1012382).\n\n - bpf: skip unnecessary capability check (bnc#1012382).\n\n - bpf, x64: implement retpoline for tail call (bnc#1012382).\n\n - bpf, x64: increase number of passes (bnc#1012382).\n\n - braille-console: Fix value returned by\n _braille_console_setup (bnc#1012382).\n\n - brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012382).\n\n - bridge: check brport attr show in brport_show (bnc#1012382).\n\n - btrfs: alloc_chunk: fix DUP stripe size handling (bnc#1012382).\n\n - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bnc#1012382).\n\n - btrfs: improve delayed refs iterations (bsc#1076033).\n\n - btrfs: incremental send, fix invalid memory access (git-fixes).\n\n - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382).\n\n - btrfs: send, fix file hole not being preserved due to inline extent (bnc#1012382).\n\n - can: cc770: Fix queue stall & dropped RTR reply (bnc#1012382).\n\n - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bnc#1012382).\n\n - can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012382).\n\n - ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898).\n\n - clk: bcm2835: Protect sections updating shared registers (bnc#1012382).\n\n - clk: ns2: Correct SDIO bits (bnc#1012382).\n\n - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bnc#1012382).\n\n - clk: si5351: Rename internal plls to avoid name collisions (bnc#1012382).\n\n - coresight: Fix disabling of CoreSight TPIU (bnc#1012382).\n\n - coresight: Fixes coresight DT parse to get correct output port ID (bnc#1012382).\n\n - cpufreq: Fix governor module removal race (bnc#1012382).\n\n - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382).\n\n - cpufreq/sh: Replace racy task affinity logic (bnc#1012382).\n\n - cpuidle: Add new macro to enter a retention idle state (bsc#1084328).\n\n - cros_ec: fix nul-termination for firmware build info (bnc#1012382).\n\n - crypto: cavium - fix memory leak on info (bsc#1086518).\n\n - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194).\n\n - dccp: check sk for closed state in dccp_sendmsg() (bnc#1012382).\n\n - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped (bnc#1012382).\n\n - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bnc#1012382).\n\n - dm: Always copy cmd_flags when cloning a request (bsc#1088087).\n\n - driver: (adm1275) set the m,b and R coefficients correctly for power (bnc#1012382).\n\n - drm: Allow determining if current task is output poll worker (bnc#1012382).\n\n - drm/amdgpu/dce: Do not turn off DP sink when disconnected (bnc#1012382).\n\n - drm/amdgpu: Fail fb creation from imported dma-bufs.\n (v2) (bnc#1012382).\n\n - drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012382).\n\n - drm/amdgpu: fix KV harvesting (bnc#1012382).\n\n - drm/amdgpu: Notify sbios device ready before send request (bnc#1012382).\n\n - drm/amdkfd: Fix memory leaks in kfd topology (bnc#1012382).\n\n - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) (bnc#1012382).\n\n - drm/edid: set ELD connector type in drm_edid_to_eld() (bnc#1012382).\n\n - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717).\n\n - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717).\n\n - drm/msm: fix leak in failed get_pages (bnc#1012382).\n\n - drm/nouveau: Fix deadlock on runtime suspend (bnc#1012382).\n\n - drm/nouveau/kms: Increase max retries in scanout position queries (bnc#1012382).\n\n - drm/omap: DMM: Check for DMM readiness after successful transaction commit (bnc#1012382).\n\n - drm: qxl: Do not alloc fbdev if emulation is not supported (bnc#1012382).\n\n - drm/radeon: Do not turn off DP sink when disconnected (bnc#1012382).\n\n - drm/radeon: Fail fb creation from imported dma-bufs (bnc#1012382).\n\n - drm/radeon: Fix deadlock on runtime suspend (bnc#1012382).\n\n - drm/radeon: fix KV harvesting (bnc#1012382).\n\n - drm: udl: Properly check framebuffer mmap offsets (bnc#1012382).\n\n - drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012382).\n\n - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382).\n\n - e1000e: Avoid missed interrupts following ICR read (bsc#1075428).\n\n - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428).\n\n - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428).\n\n - e1000e: Fix link check race condition (bsc#1075428).\n\n - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428).\n\n - e1000e: fix timing for 82579 Gigabit Ethernet controller (bnc#1012382).\n\n - e1000e: Remove Other from EIAC (bsc#1075428).\n\n - EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL (git-fixes 3286d3eb906c).\n\n - ext4: inplace xattr block update fails to deduplicate blocks (bnc#1012382).\n\n - f2fs: relax node version check for victim data in gc (bnc#1012382).\n\n - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382).\n\n - fixup: sctp: verify size of a new chunk in\n _sctp_make_chunk() (bnc#1012382).\n\n - fs/aio: Add explicit RCU grace period when freeing kioctx (bnc#1012382).\n\n - fs/aio: Use RCU accessors for kioctx_table->table[] (bnc#1012382).\n\n - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745).\n\n - fs: Teach path_connected to handle nfs filesystems with multiple roots (bnc#1012382).\n\n - genirq: Track whether the trigger type has been set (git-fixes).\n\n - genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs (bnc#1012382).\n\n - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382).\n\n - hid: clamp input to logical range if no null state (bnc#1012382).\n\n - hid: reject input outside logical range only if null state is set (bnc#1012382).\n\n - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353).\n\n - hv_balloon: fix bugs in num_pages_onlined accounting (fate#323887).\n\n - hv_balloon: fix printk loglevel (fate#323887).\n\n - hv_balloon: simplify hv_online_page()/hv_page_online_one() (fate#323887).\n\n - i2c: i2c-scmi: add a MS HID (bnc#1012382).\n\n - i2c: xlp9xx: Check for Bus state before every transfer (bsc#1084310).\n\n - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310).\n\n - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly (bsc#1060799).\n\n - i2c: xlp9xx: return ENXIO on slave address NACK (bsc#1060799).\n\n - i40e: Acquire NVM lock before reads on all devices (bnc#1012382).\n\n - ia64: fix module loading for gcc-5.4 (bnc#1012382).\n\n - IB/ipoib: Avoid memory leak if the SA returns a different DGID (bnc#1012382).\n\n - IB/ipoib: Update broadcast object if PKey value was changed in index 0 (bnc#1012382).\n\n - IB/mlx4: Change vma from shared to private (bnc#1012382).\n\n - IB/mlx4: Take write semaphore when changing the vma struct (bnc#1012382).\n\n - ibmvfc: Avoid unnecessary port relogin (bsc#1085404).\n\n - ibmvnic: Fix reset return from closed state (bsc#1084610).\n\n - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes).\n\n - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224).\n\n - ibmvnic: Update TX pool cleaning routine (bsc#1085224).\n\n - IB/umem: Fix use of npages/nmap fields (bnc#1012382).\n\n - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (bnc#1012382).\n\n - iio: st_pressure: st_accel: Initialise sensor platform data properly (bnc#1012382).\n\n - iio: st_pressure: st_accel: pass correct platform data to init (git-fixes).\n\n - ima: relax requiring a file signature for new files with zero length (bnc#1012382).\n\n - infiniband/uverbs: Fix integer overflows (bnc#1012382).\n\n - input: matrix_keypad - fix race when disabling interrupts (bnc#1012382).\n\n - input: qt1070 - add OF device ID table (bnc#1012382).\n\n - input: tsc2007 - check for presence and power down tsc2007 during probe (bnc#1012382).\n\n - iommu/omap: Register driver before setting IOMMU ops (bnc#1012382).\n\n - iommu/vt-d: clean up pr_irq if request_threaded_irq fails (bnc#1012382).\n\n - ip6_vti: adjust vti mtu according to mtu of lower device (bnc#1012382).\n\n - ipmi: do not probe ACPI devices if si_tryacpi is unset (bsc#1060799).\n\n - ipmi: Fix the I2C address extraction from SPMI tables (bsc#1060799).\n\n - ipmi_ssif: Fix logic around alert handling (bsc#1060799).\n\n - ipmi_ssif: remove redundant null check on array client->adapter->name (bsc#1060799).\n\n - ipmi_ssif: unlock on allocation failure (bsc#1060799).\n\n - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr (bsc#1060799).\n\n - ipmi: Use the proper default value for register size in ACPI (bsc#1060799).\n\n - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response (bnc#1012382).\n\n - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (bnc#1012382).\n\n - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382).\n\n - ipvlan: add L2 check for packets arriving via virtual devices (bnc#1012382).\n\n - irqchip/gic-v3-its: Add ACPI NUMA node mapping (bsc#1085981).\n\n - irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES (bsc#1085981).\n\n - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bnc#1012382).\n\n - irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA (bsc#1085981).\n\n - kbuild: disable clang's default use of\n -fmerge-all-constants (bnc#1012382).\n\n - kbuild: Handle builtin dtb file names containing hyphens (bnc#1012382).\n\n - kprobes/x86: Fix kprobe-booster not to boost far call instructions (bnc#1012382).\n\n - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline (git-fixes).\n\n - kprobes/x86: Set kprobes pages read-only (bnc#1012382).\n\n - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1086499).\n\n - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1086499).\n\n - kvm: arm/arm64: vgic: Do not populate multiple LRs with the same vintid (bsc#1086499).\n\n - kvm: arm/arm64: vgic-its: Check result of allocation before use (bsc#).\n\n - kvm: arm/arm64: vgic-its: Preserve the revious read from the pending table (bsc#1086499).\n\n - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1086499).\n\n - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382).\n\n - kvm: nVMX: fix nested tsc scaling (bsc1087999).\n\n - kvm: PPC: Book3S PR: Exit KVM on failed mapping (bnc#1012382).\n\n - kvm/x86: fix icebp instruction handling (bnc#1012382).\n\n - l2tp: do not accept arbitrary sockets (bnc#1012382).\n\n - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bnc#1012382).\n\n - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012382).\n\n - libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012382).\n\n - libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012382).\n\n - libata: fix length validation of ATAPI-relayed SCSI commands (bnc#1012382).\n\n - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bnc#1012382).\n\n - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bnc#1012382).\n\n - libata: remove WARN() for DMA or PIO command without data (bnc#1012382).\n\n - lock_parent() needs to recheck if dentry got\n __dentry_kill'ed under it (bnc#1012382).\n\n - loop: Fix lost writes caused by missing flag (bnc#1012382).\n\n - lpfc: update version to 11.4.0.7-1 (bsc#1085383).\n\n - mac80211: do not parse encrypted management frames in ieee80211_frame_acked (bnc#1012382).\n\n - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717).\n\n - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED (bnc#1012382).\n\n - mac80211: remove BUG() when interface type is invalid (bnc#1012382).\n\n - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402).\n\n - md/raid10: skip spare disk as 'first' disk (bnc#1012382).\n\n - md/raid10: wait up frozen array in handle_write_completed (bnc#1012382).\n\n - md/raid6: Fix anomily when recovering a single device in RAID6 (bnc#1012382).\n\n - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717).\n\n - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382).\n\n - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt (bnc#1012382).\n\n - media: cpia2: Fix a couple off by one bugs (bnc#1012382).\n\n - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717).\n\n - media/dvb-core: Race condition when writing to CAM (bnc#1012382).\n\n - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock (bnc#1012382).\n\n - media: m88ds3103: do not call a non-initalized function (bnc#1012382).\n\n - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart (bnc#1012382).\n\n - media: s3c-camif: fix out-of-bounds array access (bsc#1031717).\n\n - mfd: palmas: Reset the POWERHOLD mux during power off (bnc#1012382).\n\n - mmc: avoid removing non-removable hosts during suspend (bnc#1012382).\n\n - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bnc#1012382).\n\n - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a (bnc#1012382).\n\n - mm: Fix false-positive VM_BUG_ON() in page_cache_(get,add)_speculative() (bnc#1012382).\n\n - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353).\n\n - mm/vmalloc: add interfaces to free unmapped page table (bnc#1012382).\n\n - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382).\n\n - mt7601u: check return value of alloc_skb (bnc#1012382).\n\n - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bnc#1012382).\n\n - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012382).\n\n - mtip32xx: use runtime tag to initialize command header (bnc#1012382).\n\n - net/8021q: create device with all possible features in wanted_features (bnc#1012382).\n\n - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (bnc#1012382).\n\n - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (bnc#1012382).\n\n - net/faraday: Add missing include of of.h (bnc#1012382).\n\n - net: fec: Fix unbalanced PM runtime calls (bnc#1012382).\n\n - netfilter: add back stackpointer size checks (bnc#1012382).\n\n - netfilter: bridge: ebt_among: add missing match size checks (bnc#1012382).\n\n - netfilter: IDLETIMER: be syzkaller friendly (bnc#1012382).\n\n - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (bnc#1012382).\n\n - netfilter: nat: cope with negative port range (bnc#1012382).\n\n - netfilter: use skb_to_full_sk in ip_route_me_harder (bnc#1012382).\n\n - netfilter: x_tables: fix missing timer initialization in xt_LED (bnc#1012382).\n\n - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382).\n\n - net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012382).\n\n - net: fix race on decreasing number of TX queues (bnc#1012382).\n\n - net: ipv4: avoid unused variable warning for sysctl (git-fixes).\n\n - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382).\n\n - net: ipv6: send unsolicited NA after DAD (git-fixes).\n\n - net: ipv6: send unsolicited NA on admin up (bnc#1012382).\n\n - net/iucv: Free memory obtained by kzalloc (bnc#1012382).\n\n - netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012382).\n\n - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382).\n\n - net: mpls: Pull common label check into helper (bnc#1012382).\n\n - net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012382).\n\n - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012382).\n\n - net: xfrm: allow clearing socket xfrm policies (bnc#1012382).\n\n - nfc: nfcmrvl: double free on error path (bnc#1012382).\n\n - nfc: nfcmrvl: Include unaligned.h instead of access_ok.h (bnc#1012382).\n\n - nfsd4: permit layoutget of executable-only files (bnc#1012382).\n\n - nfs: Fix an incorrect type in struct nfs_direct_req (bnc#1012382).\n\n - nospec: Allow index argument to have const-qualified type (bnc#1012382).\n\n - nospec: Include <asm/barrier.h> dependency (bnc#1012382).\n\n - nvme: do not send keep-alive frames during reset (bsc#1084223).\n\n - nvme: do not send keep-alives to the discovery controller (bsc#1086607).\n\n - nvme: expand nvmf_check_if_ready checks (bsc#1085058).\n\n - nvme/rdma: do no start error recovery twice (bsc#1084967).\n\n - nvmet_fc: prevent new io rqsts in possible isr completions (bsc#1083574).\n\n - of: fix of_device_get_modalias returned length when truncating buffers (bnc#1012382).\n\n - openvswitch: Delete conntrack entry clashing with an expectation (bnc#1012382).\n\n - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (bsc#1075428).\n\n - pci: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bnc#1012382).\n\n - pci: Add pci_reset_function_locked() (bsc#1084889).\n\n - pci: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices (bsc#1084914).\n\n - pci: Avoid FLR for Intel 82579 NICs (bsc#1084889).\n\n - pci: Avoid slot reset if bridge itself is broken (bsc#1084918).\n\n - pci: Export pcie_flr() (bsc#1084889).\n\n - pci: hv: Fix 2 hang issues in hv_compose_msi_msg() (fate#323887, bsc#1087659, bsc#1087906).\n\n - pci: hv: Fix a comment typo in\n _hv_pcifront_read_config() (fate#323887, bsc#1087659).\n\n - pci: hv: Only queue new work items in hv_pci_devices_present() if necessary (fate#323887, bsc#1087659).\n\n - pci: hv: Remove the bogus test in hv_eject_device_work() (fate#323887, bsc#1087659).\n\n - pci: hv: Serialize the present and eject work items (fate#323887, bsc#1087659).\n\n - pci: Mark Haswell Power Control Unit as having non-compliant BARs (bsc#1086015).\n\n - pci/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() (bnc#1012382).\n\n - pci: Probe for device reset support during enumeration (bsc#1084889).\n\n - pci: Protect pci_error_handlers->reset_notify() usage with device_lock() (bsc#1084889).\n\n - pci: Protect restore with device lock to be consistent (bsc#1084889).\n\n - pci: Remove __pci_dev_reset() and pci_dev_reset() (bsc#1084889).\n\n - pci: Remove redundant probes for device reset support (bsc#1084889).\n\n - pci: Wait for up to 1000ms after FLR reset (bsc#1084889).\n\n - perf inject: Copy events when reordering events in pipe mode (bnc#1012382).\n\n - perf probe: Return errno when not hitting any event (bnc#1012382).\n\n - perf session: Do not rely on evlist in pipe mode (bnc#1012382).\n\n - perf sort: Fix segfault with basic block 'cycles' sort dimension (bnc#1012382).\n\n - perf tests kmod-path: Do not fail if compressed modules are not supported (bnc#1012382).\n\n - perf tools: Make perf_event__synthesize_mmap_events() scale (bnc#1012382).\n\n - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bnc#1012382).\n\n - perf/x86/intel/uncore: Fix multi-domain pci CHA enumeration bug on Skylake servers (bsc#1086357).\n\n - pinctrl: Really force states during suspend/resume (bnc#1012382).\n\n - platform/chrome: Use proper protocol transfer function (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (bnc#1012382).\n\n - posix-timers: Protect posix clock array access against speculation (bnc#1081358).\n\n - power: supply: pda_power: move from timer to delayed_work (bnc#1012382).\n\n - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382).\n\n - pty: cancel pty slave port buf's work in tty_release (bnc#1012382).\n\n - pwm: tegra: Increase precision in PWM rate calculation (bnc#1012382).\n\n - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747).\n\n - qed: Use after free in qed_rdma_free() (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747).\n\n - qeth: repair SBAL elements calculation (bnc#1085507, LTC#165484).\n\n - qlcnic: fix unchecked return value (bnc#1012382).\n\n - rcutorture/configinit: Fix build directory error message (bnc#1012382).\n\n - rdma/cma: Use correct size when writing netlink stats (bnc#1012382).\n\n - rdma/core: do not use invalid destination in determining port reuse (fate#321231 fate#321473 fate#322153 fate#322149).\n\n - rdma/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() (bnc#1012382).\n\n - rdma/mlx5: Fix integer overflow while resizing CQ (bnc#1012382).\n\n - rdma/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bnc#1012382).\n\n - rdma/ucma: Check that user does not overflow QP state (bnc#1012382).\n\n - rdma/ucma: Fix access to non-initialized CM_ID object (bnc#1012382).\n\n - rdma/ucma: Limit possible option size (bnc#1012382).\n\n - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717).\n\n - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717).\n\n - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717).\n\n - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717).\n\n - regulator: anatop: set default voltage selector for pcie (bnc#1012382).\n\n - reiserfs: Make cancel_old_flush() reliable (bnc#1012382).\n\n - Revert 'ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux' (bnc#1012382).\n\n - Revert 'e1000e: Separate signaling for link check/link up' (bsc#1075428).\n\n - Revert 'genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs' (bnc#1012382).\n\n - Revert 'ipvlan: add L2 check for packets arriving via virtual devices' (reverted in upstream).\n\n - Revert 'led: core: Fix brightness setting when setting delay_off=0' (bnc#1012382).\n\n - rndis_wlan: add return value validation (bnc#1012382).\n\n - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs (bnc#1012382).\n\n - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382).\n\n - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bnc#1012382).\n\n - s390/mm: fix local TLB flushing vs. detach of an mm address space (bnc#1088324, LTC#166470).\n\n - s390/mm: fix race on mm->context.flush_mm (bnc#1088324, LTC#166470).\n\n - s390/mm: no local TLB flush for clearing-by-ASCE IDTE (bnc#1088324, LTC#166470).\n\n - s390/qeth: apply takeover changes when mode is toggled (bnc#1085507, LTC#165490).\n\n - s390/qeth: do not apply takeover changes to RXIP (bnc#1085507, LTC#165490).\n\n - s390/qeth: fix double-free on IP add/remove race (bnc#1085507, LTC#165491).\n\n - s390/qeth: fix IPA command submission race (bnc#1012382).\n\n - s390/qeth: fix IP address lookup for L3 devices (bnc#1085507, LTC#165491).\n\n - s390/qeth: fix IP removal on offline cards (bnc#1085507, LTC#165491).\n\n - s390/qeth: fix SETIP command handling (bnc#1012382).\n\n - s390/qeth: free netdevice when removing a card (bnc#1012382).\n\n - s390/qeth: improve error reporting on IP add/removal (bnc#1085507, LTC#165491).\n\n - s390/qeth: lock IP table while applying takeover changes (bnc#1085507, LTC#165490).\n\n - s390/qeth: lock read device while queueing next buffer (bnc#1012382).\n\n - s390/qeth: on channel error, reject further cmd requests (bnc#1012382).\n\n - s390/qeth: update takeover IPs after configuration change (bnc#1085507, LTC#165490).\n\n - s390/qeth: when thread completes, wake up all waiters (bnc#1012382).\n\n - sched: act_csum: do not mangle TCP and UDP GSO packets (bnc#1012382).\n\n - sched: Stop resched_cpu() from sending IPIs to offline CPUs (bnc#1012382).\n\n - sched: Stop switched_to_rt() from sending IPIs to offline CPUs (bnc#1012382).\n\n - scsi: core: scsi_get_device_flags_keyed(): Always return device flags (bnc#1012382).\n\n - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1012382).\n\n - scsi: dh: add new rdac devices (bnc#1012382).\n\n - scsi: lpfc: Add missing unlock in WQ full logic (bsc#1085383).\n\n - scsi: lpfc: Code cleanup for 128byte wqe data type (bsc#1085383).\n\n - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command (bsc#1085383).\n\n - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383).\n\n - scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI and NVME (bsc#1085383).\n\n - scsi: lpfc: Memory allocation error during driver start-up on power8 (bsc#1085383).\n\n - scsi: mac_esp: Replace bogus memory barrier with spinlock (bnc#1012382).\n\n - scsi: sg: check for valid direction before starting the request (bnc#1012382).\n\n - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382).\n\n - scsi: sg: fix static checker warning in sg_is_valid_dxfer (bnc#1012382).\n\n - scsi: sg: only check for dxfer_len greater than 256M (bnc#1012382 bsc#1064206).\n\n - scsi: virtio_scsi: always read VPD pages for multiqueue too (git-fixes).\n\n - scsi: virtio_scsi: Always try to read VPD pages (bnc#1012382).\n\n - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382).\n\n - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382).\n\n - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382).\n\n - selftests/x86: Add tests for the STR and SLDT instructions (bnc#1012382).\n\n - selftests/x86: Add tests for User-Mode Instruction Prevention (bnc#1012382).\n\n - selftests/x86/entry_from_vm86: Add test cases for POPF (bnc#1012382).\n\n - selftests/x86/entry_from_vm86: Exit with 1 if we fail (bnc#1012382).\n\n - selinux: check for address length in selinux_socket_bind() (bnc#1012382).\n\n - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bnc#1012382).\n\n - serial: sh-sci: prevent lockup on full TTY buffers (bnc#1012382).\n\n - skbuff: Fix not waking applications when errors are enqueued (bnc#1012382).\n\n - sm501fb: do not return zero on failure path in sm501fb_start() (bnc#1012382).\n\n - solo6x10: release vb2 buffers in solo_stop_streaming() (bnc#1012382).\n\n - spi: dw: Disable clock after unregistering the host (bnc#1012382).\n\n - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer (bnc#1012382).\n\n - spi: sun6i: disable/unprepare clocks on remove (bnc#1012382).\n\n - staging: android: ashmem: Fix lockdep issue during llseek (bnc#1012382).\n\n - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl (bnc#1012382).\n\n - staging: comedi: fix comedi_nsamples_left (bnc#1012382).\n\n - staging: lustre: ptlrpc: kfree used instead of kvfree (bnc#1012382).\n\n - staging: ncpfs: memory corruption in ncp_read_kernel() (bnc#1012382).\n\n - staging: speakup: Replace BUG_ON() with WARN_ON() (bnc#1012382).\n\n - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y (bnc#1012382).\n\n - staging: wilc1000: add check for kmalloc allocation failure (bnc#1012382).\n\n - staging: wilc1000: fix unchecked return value (bnc#1012382).\n\n - Subject: af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085507, LTC#165135).\n\n - sysrq: Reset the watchdog timers while displaying high-resolution timers (bnc#1012382).\n\n - tcm_fileio: Prevent information leak for short reads (bnc#1012382).\n\n - tcp: remove poll() flakes with FastOpen (bnc#1012382).\n\n - tcp: sysctl: Fix a race to avoid unexpected 0 window from space (bnc#1012382).\n\n - team: Fix double free in error path (bnc#1012382).\n\n - test_firmware: fix setting old custom fw path back on exit (bnc#1012382).\n\n - time: Change posix clocks ops interfaces to use timespec64 (bnc#1012382).\n\n - timers, sched_clock: Update timeout for clock wrap (bnc#1012382).\n\n - tools/usbip: fixes build with musl libc toolchain (bnc#1012382).\n\n - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382).\n\n - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382).\n\n - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382).\n\n - tpm/tpm_crb: Use start method value from ACPI table directly (bsc#1084452).\n\n - tracing: probeevent: Fix to support minus offset from symbol (bnc#1012382).\n\n - tty/serial: atmel: add new version check for usart (bnc#1012382).\n\n - tty: vt: fix up tabstops properly (bnc#1012382).\n\n - uas: fix comparison for error code (bnc#1012382).\n\n - ubi: Fix race condition between ubi volume creation and udev (bnc#1012382).\n\n - udplite: fix partial checksum initialization (bnc#1012382).\n\n - usb: Do not print a warning if interface driver rebind is deferred at resume (bsc#1087211).\n\n - usb: dwc2: Make sure we disconnect the gadget state (bnc#1012382).\n\n - usb: gadget: bdc: 64-bit pointer capability check (bnc#1012382).\n\n - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() (bnc#1012382).\n\n - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bnc#1012382).\n\n - usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bnc#1012382).\n\n - usb: quirks: add control message delay for 1b1c:1b20 (bnc#1012382).\n\n - usb: storage: Add JMicron bridge 152d:2567 to unusual_devs.h (bnc#1012382).\n\n - usb: usbmon: Read text within supplied buffer size (bnc#1012382).\n\n - usb: usbmon: remove assignment from IS_ERR argument (bnc#1012382).\n\n - veth: set peer GSO values (bnc#1012382).\n\n - vgacon: Set VGA struct resource types (bnc#1012382).\n\n - video: ARM CLCD: fix dma allocation size (bnc#1012382).\n\n - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382).\n\n - video/hdmi: Allow 'empty' HDMI infoframes (bnc#1012382).\n\n - vxlan: vxlan dev should inherit lowerdev's gso_max_size (bnc#1012382).\n\n - wan: pc300too: abort path on failure (bnc#1012382).\n\n - watchdog: hpwdt: Check source of NMI (bnc#1012382).\n\n - watchdog: hpwdt: fix unused variable warning (bnc#1012382).\n\n - watchdog: hpwdt: SMBIOS check (bnc#1012382).\n\n - wil6210: fix memory access violation in wil_memcpy_from/toio_32 (bnc#1012382).\n\n - workqueue: Allow retrieval of current task's work struct (bnc#1012382).\n\n - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382).\n\n - x86/boot/64: Verify alignment of the LOAD segment (bnc#1012382).\n\n - x86/build/64: Force the linker to use 2MB page size (bnc#1012382).\n\n - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).\n\n - x86: i8259: export legacy_pic symbol (bnc#1012382).\n\n - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836).\n\n - x86/kaiser: enforce trampoline stack alignment (bsc#1087260).\n\n - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836).\n\n - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560).\n\n - x86/MCE: Serialize sysfs changes (bnc#1012382).\n\n - x86/mm: Fix vmalloc_fault to use pXd_large (bnc#1012382).\n\n - x86/mm: implement free pmd/pte page interfaces (bnc#1012382).\n\n - x86/module: Detect and skip invalid relocations (bnc#1012382).\n\n - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845).\n\n - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382).\n\n - x86/vm86/32: Fix POPF emulation (bnc#1012382).\n\n - xen-blkfront: fix mq start/stop race (bsc#1085042).\n\n - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610).", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-377)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1091", "CVE-2018-7740", "CVE-2018-8043"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kselftests-kmp-debug", "p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-default", "p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla", "p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-377.NASL", "href": "https://www.tenable.com/plugins/nessus/109103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-377.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109103);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-1091\", \"CVE-2018-7740\", \"CVE-2018-8043\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-377)\");\n script_summary(english:\"Check for the openSUSE-2018-377 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-1091: In the flush_tmregs_to_thread function in\n arch/powerpc/kernel/ptrace.c, a guest kernel crash can\n be triggered from unprivileged userspace during a core\n dump on a POWER host due to a missing processor feature\n check and an erroneous use of transactional memory (TM)\n instructions in the core dump path, leading to a denial\n of service (bnc#1087231).\n\n - CVE-2018-8043: The unimac_mdio_probe function in\n drivers/net/phy/mdio-bcm-unimac.c did not validate\n certain resource availability, which allowed local users\n to cause a denial of service (NULL pointer dereference)\n (bnc#1084829).\n\n - CVE-2018-7740: The resv_map_release function in\n mm/hugetlb.c allowed local users to cause a denial of\n service (BUG) via a crafted application that made mmap\n system calls and has a large pgoff argument to the\n remap_file_pages system call (bnc#1084353).\n\nThe following non-security bugs were fixed :\n\n - acpica: Add header support for TPM2 table changes\n (bsc#1084452).\n\n - acpica: Add support for new SRAT subtable (bsc#1085981).\n\n - acpica: iasl: Update to IORT SMMUv3 disassembling\n (bsc#1085981).\n\n - acpi/IORT: numa: Add numa node mapping for smmuv3\n devices (bsc#1085981).\n\n - acpi, numa: fix pxm to online numa node associations\n (bnc#1012382).\n\n - acpi / PMIC: xpower: Fix power_table addresses\n (bnc#1012382).\n\n - acpi/processor: Fix error handling in\n __acpi_processor_start() (bnc#1012382).\n\n - acpi/processor: Replace racy task affinity logic\n (bnc#1012382).\n\n - agp/intel: Flush all chipset writes after updating the\n GGTT (bnc#1012382).\n\n - ahci: Add pci-id for the Highpoint Rocketraid 644L card\n (bnc#1012382).\n\n - alsa: aloop: Fix access to not-yet-ready substream via\n cable (bnc#1012382).\n\n - alsa: aloop: Sync stale timer before release\n (bnc#1012382).\n\n - alsa: firewire-digi00x: handle all MIDI messages on\n streaming packets (bnc#1012382).\n\n - alsa: hda: Add a power_save blacklist (bnc#1012382).\n\n - alsa: hda: add dock and led support for HP EliteBook 820\n G3 (bnc#1012382).\n\n - alsa: hda: add dock and led support for HP ProBook 640\n G2 (bnc#1012382).\n\n - alsa: hda/realtek - Always immediately update mute LED\n with pin VREF (bnc#1012382).\n\n - alsa: hda/realtek - Fix dock line-out volume on Dell\n Precision 7520 (bnc#1012382).\n\n - alsa: hda/realtek - Fix speaker no sound after system\n resume (bsc#1031717).\n\n - alsa: hda - Revert power_save option default value\n (git-fixes).\n\n - alsa: pcm: Fix UAF in snd_pcm_oss_get_formats()\n (bnc#1012382).\n\n - alsa: usb-audio: Add a quirck for B&W PX headphones\n (bnc#1012382).\n\n - alsa: usb-audio: Fix parsing descriptor of UAC2\n processing unit (bnc#1012382).\n\n - apparmor: Make path_max parameter readonly\n (bnc#1012382).\n\n - arm64: Add missing Falkor part number for branch\n predictor hardening (bsc#1068032).\n\n - arm64 / cpuidle: Use new cpuidle macro for entering\n retention state (bsc#1084328).\n\n - arm64: mm: do not write garbage into TTBR1_EL1 register\n (bsc#1085487).\n\n - arm: 8668/1: ftrace: Fix dynamic ftrace with\n DEBUG_RODATA and !FRAME_POINTER (bnc#1012382).\n\n - arm: DRA7: clockdomain: Change the CLKTRCTRL of\n CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382).\n\n - arm: dts: Adjust moxart IRQ controller and flags\n (bnc#1012382).\n\n - arm: dts: am335x-pepper: Fix the audio CODEC's reset pin\n (bnc#1012382).\n\n - arm: dts: exynos: Correct Trats2 panel reset line\n (bnc#1012382).\n\n - arm: dts: koelsch: Correct clock frequency of X2 DU\n clock input (bnc#1012382).\n\n - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux\n (bnc#1012382).\n\n - arm: dts: omap3-n900: Fix the audio CODEC's reset pin\n (bnc#1012382).\n\n - arm: dts: r8a7790: Correct parent of SSI[0-9] clocks\n (bnc#1012382).\n\n - arm: dts: r8a7791: Correct parent of SSI[0-9] clocks\n (bnc#1012382).\n\n - arm: mvebu: Fix broken PL310_ERRATA_753970 selects\n (bnc#1012382).\n\n - asoc: rcar: ssi: do not set SSICR.CKDV = 000 with\n SSIWSR.CONT (bnc#1012382).\n\n - ath10k: disallow DFS simulation if DFS channel is not\n enabled (bnc#1012382).\n\n - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382).\n\n - ath10k: update tdls teardown state to target\n (bnc#1012382).\n\n - ath: Fix updating radar flags for coutry code India\n (bnc#1012382).\n\n - batman-adv: handle race condition for claims between\n gateways (bnc#1012382).\n\n - bcache: do not attach backing with duplicate UUID\n (bnc#1012382).\n\n - blkcg: fix double free of new_blkg in blkcg_init_queue\n (bnc#1012382).\n\n - blk-throttle: make sure expire time isn't too big\n (bnc#1012382).\n\n - block: do not assign cmd_flags in __blk_rq_prep_clone\n (bsc#1088087).\n\n - block-mq: stop workqueue items in blk_mq_stop_hw_queue()\n (bsc#1084967).\n\n - bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174\n (bnc#1012382).\n\n - bluetooth: hci_qca: Avoid setup failure on missing\n rampatch (bnc#1012382).\n\n - bnx2x: Align RX buffers (bnc#1012382).\n\n - bonding: refine bond_fold_stats() wrap detection\n (bnc#1012382).\n\n - bpf: fix incorrect sign extension in check_alu_op()\n (bnc#1012382).\n\n - bpf: skip unnecessary capability check (bnc#1012382).\n\n - bpf, x64: implement retpoline for tail call\n (bnc#1012382).\n\n - bpf, x64: increase number of passes (bnc#1012382).\n\n - braille-console: Fix value returned by\n _braille_console_setup (bnc#1012382).\n\n - brcmfmac: fix P2P_DEVICE ethernet address generation\n (bnc#1012382).\n\n - bridge: check brport attr show in brport_show\n (bnc#1012382).\n\n - btrfs: alloc_chunk: fix DUP stripe size handling\n (bnc#1012382).\n\n - btrfs: Fix use-after-free when cleaning up fs_devs with\n a single stale device (bnc#1012382).\n\n - btrfs: improve delayed refs iterations (bsc#1076033).\n\n - btrfs: incremental send, fix invalid memory access\n (git-fixes).\n\n - btrfs: preserve i_mode if __btrfs_set_acl() fails\n (bnc#1012382).\n\n - btrfs: send, fix file hole not being preserved due to\n inline extent (bnc#1012382).\n\n - can: cc770: Fix queue stall & dropped RTR reply\n (bnc#1012382).\n\n - can: cc770: Fix stalls on rt-linux, remove redundant IRQ\n ack (bnc#1012382).\n\n - can: cc770: Fix use after free in cc770_tx_interrupt()\n (bnc#1012382).\n\n - ceph: only dirty ITER_IOVEC pages for direct read\n (bsc#1084898).\n\n - clk: bcm2835: Protect sections updating shared registers\n (bnc#1012382).\n\n - clk: ns2: Correct SDIO bits (bnc#1012382).\n\n - clk: qcom: msm8916: fix mnd_width for codec_digcodec\n (bnc#1012382).\n\n - clk: si5351: Rename internal plls to avoid name\n collisions (bnc#1012382).\n\n - coresight: Fix disabling of CoreSight TPIU\n (bnc#1012382).\n\n - coresight: Fixes coresight DT parse to get correct\n output port ID (bnc#1012382).\n\n - cpufreq: Fix governor module removal race (bnc#1012382).\n\n - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()\n (bnc#1012382).\n\n - cpufreq/sh: Replace racy task affinity logic\n (bnc#1012382).\n\n - cpuidle: Add new macro to enter a retention idle state\n (bsc#1084328).\n\n - cros_ec: fix nul-termination for firmware build info\n (bnc#1012382).\n\n - crypto: cavium - fix memory leak on info (bsc#1086518).\n\n - dcache: Add cond_resched in shrink_dentry_list\n (bsc#1086194).\n\n - dccp: check sk for closed state in dccp_sendmsg()\n (bnc#1012382).\n\n - dmaengine: imx-sdma: add 1ms delay to ensure SDMA\n channel is stopped (bnc#1012382).\n\n - dmaengine: ti-dma-crossbar: Fix event mapping for\n TPCC_EVT_MUX_60_63 (bnc#1012382).\n\n - dm: Always copy cmd_flags when cloning a request\n (bsc#1088087).\n\n - driver: (adm1275) set the m,b and R coefficients\n correctly for power (bnc#1012382).\n\n - drm: Allow determining if current task is output poll\n worker (bnc#1012382).\n\n - drm/amdgpu/dce: Do not turn off DP sink when\n disconnected (bnc#1012382).\n\n - drm/amdgpu: Fail fb creation from imported dma-bufs.\n (v2) (bnc#1012382).\n\n - drm/amdgpu: Fix deadlock on runtime suspend\n (bnc#1012382).\n\n - drm/amdgpu: fix KV harvesting (bnc#1012382).\n\n - drm/amdgpu: Notify sbios device ready before send\n request (bnc#1012382).\n\n - drm/amdkfd: Fix memory leaks in kfd topology\n (bnc#1012382).\n\n - drm: Defer disabling the vblank IRQ until the next\n interrupt (for instant-off) (bnc#1012382).\n\n - drm/edid: set ELD connector type in drm_edid_to_eld()\n (bnc#1012382).\n\n - drm/i915/cmdparser: Do not check past the cmd length\n (bsc#1031717).\n\n - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap\n bit (bsc#1031717).\n\n - drm/msm: fix leak in failed get_pages (bnc#1012382).\n\n - drm/nouveau: Fix deadlock on runtime suspend\n (bnc#1012382).\n\n - drm/nouveau/kms: Increase max retries in scanout\n position queries (bnc#1012382).\n\n - drm/omap: DMM: Check for DMM readiness after successful\n transaction commit (bnc#1012382).\n\n - drm: qxl: Do not alloc fbdev if emulation is not\n supported (bnc#1012382).\n\n - drm/radeon: Do not turn off DP sink when disconnected\n (bnc#1012382).\n\n - drm/radeon: Fail fb creation from imported dma-bufs\n (bnc#1012382).\n\n - drm/radeon: Fix deadlock on runtime suspend\n (bnc#1012382).\n\n - drm/radeon: fix KV harvesting (bnc#1012382).\n\n - drm: udl: Properly check framebuffer mmap offsets\n (bnc#1012382).\n\n - drm/vmwgfx: Fix a destoy-while-held mutex problem\n (bnc#1012382).\n\n - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382).\n\n - e1000e: Avoid missed interrupts following ICR read\n (bsc#1075428).\n\n - e1000e: Avoid receiver overrun interrupt bursts\n (bsc#1075428).\n\n - e1000e: Fix check_for_link return value with autoneg off\n (bsc#1075428).\n\n - e1000e: Fix link check race condition (bsc#1075428).\n\n - e1000e: Fix queue interrupt re-raising in Other\n interrupt (bsc#1075428).\n\n - e1000e: fix timing for 82579 Gigabit Ethernet controller\n (bnc#1012382).\n\n - e1000e: Remove Other from EIAC (bsc#1075428).\n\n - EDAC, sb_edac: Fix out of bound writes during DIMM\n configuration on KNL (git-fixes 3286d3eb906c).\n\n - ext4: inplace xattr block update fails to deduplicate\n blocks (bnc#1012382).\n\n - f2fs: relax node version check for victim data in gc\n (bnc#1012382).\n\n - fib_semantics: Do not match route with mismatching\n tclassid (bnc#1012382).\n\n - fixup: sctp: verify size of a new chunk in\n _sctp_make_chunk() (bnc#1012382).\n\n - fs/aio: Add explicit RCU grace period when freeing\n kioctx (bnc#1012382).\n\n - fs/aio: Use RCU accessors for kioctx_table->table[]\n (bnc#1012382).\n\n - fs/hugetlbfs/inode.c: change put_page/unlock_page order\n in hugetlbfs_fallocate() (git-fixes, bsc#1083745).\n\n - fs: Teach path_connected to handle nfs filesystems with\n multiple roots (bnc#1012382).\n\n - genirq: Track whether the trigger type has been set\n (git-fixes).\n\n - genirq: Use irqd_get_trigger_type to compare the trigger\n type for shared IRQs (bnc#1012382).\n\n - hdlc_ppp: carrier detect ok, do not turn off negotiation\n (bnc#1012382).\n\n - hid: clamp input to logical range if no null state\n (bnc#1012382).\n\n - hid: reject input outside logical range only if null\n state is set (bnc#1012382).\n\n - hugetlbfs: fix offset overflow in hugetlbfs mmap\n (bnc#1084353).\n\n - hv_balloon: fix bugs in num_pages_onlined accounting\n (fate#323887).\n\n - hv_balloon: fix printk loglevel (fate#323887).\n\n - hv_balloon: simplify\n hv_online_page()/hv_page_online_one() (fate#323887).\n\n - i2c: i2c-scmi: add a MS HID (bnc#1012382).\n\n - i2c: xlp9xx: Check for Bus state before every transfer\n (bsc#1084310).\n\n - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310).\n\n - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN\n properly (bsc#1060799).\n\n - i2c: xlp9xx: return ENXIO on slave address NACK\n (bsc#1060799).\n\n - i40e: Acquire NVM lock before reads on all devices\n (bnc#1012382).\n\n - ia64: fix module loading for gcc-5.4 (bnc#1012382).\n\n - IB/ipoib: Avoid memory leak if the SA returns a\n different DGID (bnc#1012382).\n\n - IB/ipoib: Update broadcast object if PKey value was\n changed in index 0 (bnc#1012382).\n\n - IB/mlx4: Change vma from shared to private\n (bnc#1012382).\n\n - IB/mlx4: Take write semaphore when changing the vma\n struct (bnc#1012382).\n\n - ibmvfc: Avoid unnecessary port relogin (bsc#1085404).\n\n - ibmvnic: Fix reset return from closed state\n (bsc#1084610).\n\n - ibmvnic: Potential NULL dereference in\n clean_one_tx_pool() (bsc#1085224, git-fixes).\n\n - ibmvnic: Remove unused TSO resources in TX pool\n structure (bsc#1085224).\n\n - ibmvnic: Update TX pool cleaning routine (bsc#1085224).\n\n - IB/umem: Fix use of npages/nmap fields (bnc#1012382).\n\n - ieee802154: 6lowpan: fix possible NULL deref in\n lowpan_device_event() (bnc#1012382).\n\n - iio: st_pressure: st_accel: Initialise sensor platform\n data properly (bnc#1012382).\n\n - iio: st_pressure: st_accel: pass correct platform data\n to init (git-fixes).\n\n - ima: relax requiring a file signature for new files with\n zero length (bnc#1012382).\n\n - infiniband/uverbs: Fix integer overflows (bnc#1012382).\n\n - input: matrix_keypad - fix race when disabling\n interrupts (bnc#1012382).\n\n - input: qt1070 - add OF device ID table (bnc#1012382).\n\n - input: tsc2007 - check for presence and power down\n tsc2007 during probe (bnc#1012382).\n\n - iommu/omap: Register driver before setting IOMMU ops\n (bnc#1012382).\n\n - iommu/vt-d: clean up pr_irq if request_threaded_irq\n fails (bnc#1012382).\n\n - ip6_vti: adjust vti mtu according to mtu of lower device\n (bnc#1012382).\n\n - ipmi: do not probe ACPI devices if si_tryacpi is unset\n (bsc#1060799).\n\n - ipmi: Fix the I2C address extraction from SPMI tables\n (bsc#1060799).\n\n - ipmi_ssif: Fix logic around alert handling\n (bsc#1060799).\n\n - ipmi_ssif: remove redundant null check on array\n client->adapter->name (bsc#1060799).\n\n - ipmi_ssif: unlock on allocation failure (bsc#1060799).\n\n - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr\n (bsc#1060799).\n\n - ipmi: Use the proper default value for register size in\n ACPI (bsc#1060799).\n\n - ipmi/watchdog: fix wdog hang on panic waiting for ipmi\n response (bnc#1012382).\n\n - ipv6: fix access to non-linear packet in\n ndisc_fill_redirect_hdr_option() (bnc#1012382).\n\n - ipv6 sit: work around bogus gcc-8 -Wrestrict warning\n (bnc#1012382).\n\n - ipvlan: add L2 check for packets arriving via virtual\n devices (bnc#1012382).\n\n - irqchip/gic-v3-its: Add ACPI NUMA node mapping\n (bsc#1085981).\n\n - irqchip/gic-v3-its: Allow GIC ITS number more than\n MAX_NUMNODES (bsc#1085981).\n\n - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis\n (bnc#1012382).\n\n - irqchip/gic-v3-its: Remove ACPICA version check for ACPI\n NUMA (bsc#1085981).\n\n - kbuild: disable clang's default use of\n -fmerge-all-constants (bnc#1012382).\n\n - kbuild: Handle builtin dtb file names containing hyphens\n (bnc#1012382).\n\n - kprobes/x86: Fix kprobe-booster not to boost far call\n instructions (bnc#1012382).\n\n - kprobes/x86: Fix to set RWX bits correctly before\n releasing trampoline (git-fixes).\n\n - kprobes/x86: Set kprobes pages read-only (bnc#1012382).\n\n - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED\n (bsc#1086499).\n\n - kvm: arm/arm64: vgic: Add missing irq_lock to\n vgic_mmio_read_pending (bsc#1086499).\n\n - kvm: arm/arm64: vgic: Do not populate multiple LRs with\n the same vintid (bsc#1086499).\n\n - kvm: arm/arm64: vgic-its: Check result of allocation\n before use (bsc#).\n\n - kvm: arm/arm64: vgic-its: Preserve the revious read from\n the pending table (bsc#1086499).\n\n - kvm: arm/arm64: vgic-v3: Tighten synchronization for\n guests using v2 on v3 (bsc#1086499).\n\n - kvm: mmu: Fix overlap between public and private\n memslots (bnc#1012382).\n\n - kvm: nVMX: fix nested tsc scaling (bsc1087999).\n\n - kvm: PPC: Book3S PR: Exit KVM on failed mapping\n (bnc#1012382).\n\n - kvm/x86: fix icebp instruction handling (bnc#1012382).\n\n - l2tp: do not accept arbitrary sockets (bnc#1012382).\n\n - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB\n SSDs (bnc#1012382).\n\n - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs\n (bnc#1012382).\n\n - libata: disable LPM for Crucial BX100 SSD 500GB drive\n (bnc#1012382).\n\n - libata: Enable queued TRIM for Samsung SSD 860\n (bnc#1012382).\n\n - libata: fix length validation of ATAPI-relayed SCSI\n commands (bnc#1012382).\n\n - libata: Make Crucial BX100 500GB LPM quirk apply to all\n firmware versions (bnc#1012382).\n\n - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk\n to MU01 version (bnc#1012382).\n\n - libata: remove WARN() for DMA or PIO command without\n data (bnc#1012382).\n\n - lock_parent() needs to recheck if dentry got\n __dentry_kill'ed under it (bnc#1012382).\n\n - loop: Fix lost writes caused by missing flag\n (bnc#1012382).\n\n - lpfc: update version to 11.4.0.7-1 (bsc#1085383).\n\n - mac80211: do not parse encrypted management frames in\n ieee80211_frame_acked (bnc#1012382).\n\n - mac80211: do not WARN on bad WMM parameters from buggy\n APs (bsc#1031717).\n\n - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after\n PS_ENABLED (bnc#1012382).\n\n - mac80211: remove BUG() when interface type is invalid\n (bnc#1012382).\n\n - md-cluster: fix wrong condition check in\n raid1_write_request (bsc#1085402).\n\n - md/raid10: skip spare disk as 'first' disk\n (bnc#1012382).\n\n - md/raid10: wait up frozen array in\n handle_write_completed (bnc#1012382).\n\n - md/raid6: Fix anomily when recovering a single device in\n RAID6 (bnc#1012382).\n\n - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717).\n\n - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382).\n\n - media: c8sectpfe: fix potential NULL pointer dereference\n in c8sectpfe_timer_interrupt (bnc#1012382).\n\n - media: cpia2: Fix a couple off by one bugs\n (bnc#1012382).\n\n - media: cx25821: prevent out-of-bounds read on array card\n (bsc#1031717).\n\n - media/dvb-core: Race condition when writing to CAM\n (bnc#1012382).\n\n - media: i2c/soc_camera: fix ov6650 sensor getting wrong\n clock (bnc#1012382).\n\n - media: m88ds3103: do not call a non-initalized function\n (bnc#1012382).\n\n - media: [RESEND] media: dvb-frontends: Add delay to\n Si2168 restart (bnc#1012382).\n\n - media: s3c-camif: fix out-of-bounds array access\n (bsc#1031717).\n\n - mfd: palmas: Reset the POWERHOLD mux during power off\n (bnc#1012382).\n\n - mmc: avoid removing non-removable hosts during suspend\n (bnc#1012382).\n\n - mmc: dw_mmc: fix falling from idmac to PIO mode when\n dw_mci_reset occurs (bnc#1012382).\n\n - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a\n (bnc#1012382).\n\n - mm: Fix false-positive VM_BUG_ON() in\n page_cache_(get,add)_speculative() (bnc#1012382).\n\n - mm/hugetlb.c: do not call region_abort if region_chg\n fails (bnc#1084353).\n\n - mm/vmalloc: add interfaces to free unmapped page table\n (bnc#1012382).\n\n - mpls, nospec: Sanitize array index in mpls_label_ok()\n (bnc#1012382).\n\n - mt7601u: check return value of alloc_skb (bnc#1012382).\n\n - mtd: nand: fix interpretation of NAND_CMD_NONE in\n nand_command[_lp]() (bnc#1012382).\n\n - mtd: nand: fsl_ifc: Fix nand waitfunc return value\n (bnc#1012382).\n\n - mtip32xx: use runtime tag to initialize command header\n (bnc#1012382).\n\n - net/8021q: create device with all possible features in\n wanted_features (bnc#1012382).\n\n - net: ethernet: arc: Fix a potential memory leak if an\n optional regulator is deferred (bnc#1012382).\n\n - net: ethernet: ti: cpsw: add check for in-band mode\n setting with RGMII PHY interface (bnc#1012382).\n\n - net/faraday: Add missing include of of.h (bnc#1012382).\n\n - net: fec: Fix unbalanced PM runtime calls (bnc#1012382).\n\n - netfilter: add back stackpointer size checks\n (bnc#1012382).\n\n - netfilter: bridge: ebt_among: add missing match size\n checks (bnc#1012382).\n\n - netfilter: IDLETIMER: be syzkaller friendly\n (bnc#1012382).\n\n - netfilter: ipv6: fix use-after-free Write in\n nf_nat_ipv6_manip_pkt (bnc#1012382).\n\n - netfilter: nat: cope with negative port range\n (bnc#1012382).\n\n - netfilter: use skb_to_full_sk in ip_route_me_harder\n (bnc#1012382).\n\n - netfilter: x_tables: fix missing timer initialization in\n xt_LED (bnc#1012382).\n\n - netfilter: xt_CT: fix refcnt leak on error path\n (bnc#1012382).\n\n - net: Fix hlist corruptions in inet_evict_bucket()\n (bnc#1012382).\n\n - net: fix race on decreasing number of TX queues\n (bnc#1012382).\n\n - net: ipv4: avoid unused variable warning for sysctl\n (git-fixes).\n\n - net: ipv4: do not allow setting net.ipv4.route.min_pmtu\n below 68 (bnc#1012382).\n\n - net: ipv6: send unsolicited NA after DAD (git-fixes).\n\n - net: ipv6: send unsolicited NA on admin up\n (bnc#1012382).\n\n - net/iucv: Free memory obtained by kzalloc (bnc#1012382).\n\n - netlink: avoid a double skb free in genlmsg_mcast()\n (bnc#1012382).\n\n - netlink: ensure to loop over all netns in\n genlmsg_multicast_allns() (bnc#1012382).\n\n - net: mpls: Pull common label check into helper\n (bnc#1012382).\n\n - net: Only honor ifindex in IP_PKTINFO if non-0\n (bnc#1012382).\n\n - net: systemport: Rewrite __bcm_sysport_tx_reclaim()\n (bnc#1012382).\n\n - net: xfrm: allow clearing socket xfrm policies\n (bnc#1012382).\n\n - nfc: nfcmrvl: double free on error path (bnc#1012382).\n\n - nfc: nfcmrvl: Include unaligned.h instead of access_ok.h\n (bnc#1012382).\n\n - nfsd4: permit layoutget of executable-only files\n (bnc#1012382).\n\n - nfs: Fix an incorrect type in struct nfs_direct_req\n (bnc#1012382).\n\n - nospec: Allow index argument to have const-qualified\n type (bnc#1012382).\n\n - nospec: Include <asm/barrier.h> dependency\n (bnc#1012382).\n\n - nvme: do not send keep-alive frames during reset\n (bsc#1084223).\n\n - nvme: do not send keep-alives to the discovery\n controller (bsc#1086607).\n\n - nvme: expand nvmf_check_if_ready checks (bsc#1085058).\n\n - nvme/rdma: do no start error recovery twice\n (bsc#1084967).\n\n - nvmet_fc: prevent new io rqsts in possible isr\n completions (bsc#1083574).\n\n - of: fix of_device_get_modalias returned length when\n truncating buffers (bnc#1012382).\n\n - openvswitch: Delete conntrack entry clashing with an\n expectation (bnc#1012382).\n\n - Partial revert 'e1000e: Avoid receiver overrun interrupt\n bursts' (bsc#1075428).\n\n - pci: Add function 1 DMA alias quirk for Highpoint\n RocketRAID 644L (bnc#1012382).\n\n - pci: Add pci_reset_function_locked() (bsc#1084889).\n\n - pci: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx\n devices (bsc#1084914).\n\n - pci: Avoid FLR for Intel 82579 NICs (bsc#1084889).\n\n - pci: Avoid slot reset if bridge itself is broken\n (bsc#1084918).\n\n - pci: Export pcie_flr() (bsc#1084889).\n\n - pci: hv: Fix 2 hang issues in hv_compose_msi_msg()\n (fate#323887, bsc#1087659, bsc#1087906).\n\n - pci: hv: Fix a comment typo in\n _hv_pcifront_read_config() (fate#323887, bsc#1087659).\n\n - pci: hv: Only queue new work items in\n hv_pci_devices_present() if necessary (fate#323887,\n bsc#1087659).\n\n - pci: hv: Remove the bogus test in hv_eject_device_work()\n (fate#323887, bsc#1087659).\n\n - pci: hv: Serialize the present and eject work items\n (fate#323887, bsc#1087659).\n\n - pci: Mark Haswell Power Control Unit as having\n non-compliant BARs (bsc#1086015).\n\n - pci/MSI: Stop disabling MSI/MSI-X in\n pci_device_shutdown() (bnc#1012382).\n\n - pci: Probe for device reset support during enumeration\n (bsc#1084889).\n\n - pci: Protect pci_error_handlers->reset_notify() usage\n with device_lock() (bsc#1084889).\n\n - pci: Protect restore with device lock to be consistent\n (bsc#1084889).\n\n - pci: Remove __pci_dev_reset() and pci_dev_reset()\n (bsc#1084889).\n\n - pci: Remove redundant probes for device reset support\n (bsc#1084889).\n\n - pci: Wait for up to 1000ms after FLR reset\n (bsc#1084889).\n\n - perf inject: Copy events when reordering events in pipe\n mode (bnc#1012382).\n\n - perf probe: Return errno when not hitting any event\n (bnc#1012382).\n\n - perf session: Do not rely on evlist in pipe mode\n (bnc#1012382).\n\n - perf sort: Fix segfault with basic block 'cycles' sort\n dimension (bnc#1012382).\n\n - perf tests kmod-path: Do not fail if compressed modules\n are not supported (bnc#1012382).\n\n - perf tools: Make perf_event__synthesize_mmap_events()\n scale (bnc#1012382).\n\n - perf/x86/intel: Do not accidentally clear high bits in\n bdw_limit_period() (bnc#1012382).\n\n - perf/x86/intel/uncore: Fix multi-domain pci CHA\n enumeration bug on Skylake servers (bsc#1086357).\n\n - pinctrl: Really force states during suspend/resume\n (bnc#1012382).\n\n - platform/chrome: Use proper protocol transfer function\n (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Add wapf4 quirk for the\n X302UA (bnc#1012382).\n\n - posix-timers: Protect posix clock array access against\n speculation (bnc#1081358).\n\n - power: supply: pda_power: move from timer to\n delayed_work (bnc#1012382).\n\n - ppp: prevent unregistered channels from connecting to\n PPP units (bnc#1012382).\n\n - pty: cancel pty slave port buf's work in tty_release\n (bnc#1012382).\n\n - pwm: tegra: Increase precision in PWM rate calculation\n (bnc#1012382).\n\n - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695\n FATE#321703 bsc#1019699 FATE#321702 bsc#1022604\n FATE#321747).\n\n - qed: Use after free in qed_rdma_free() (bsc#1019695\n FATE#321703 bsc#1019699 FATE#321702 bsc#1022604\n FATE#321747).\n\n - qeth: repair SBAL elements calculation (bnc#1085507,\n LTC#165484).\n\n - qlcnic: fix unchecked return value (bnc#1012382).\n\n - rcutorture/configinit: Fix build directory error message\n (bnc#1012382).\n\n - rdma/cma: Use correct size when writing netlink stats\n (bnc#1012382).\n\n - rdma/core: do not use invalid destination in determining\n port reuse (fate#321231 fate#321473 fate#322153\n fate#322149).\n\n - rdma/iwpm: Fix uninitialized error code in\n iwpm_send_mapinfo() (bnc#1012382).\n\n - rdma/mlx5: Fix integer overflow while resizing CQ\n (bnc#1012382).\n\n - rdma/ocrdma: Fix permissions for OCRDMA_RESET_STATS\n (bnc#1012382).\n\n - rdma/ucma: Check that user does not overflow QP state\n (bnc#1012382).\n\n - rdma/ucma: Fix access to non-initialized CM_ID object\n (bnc#1012382).\n\n - rdma/ucma: Limit possible option size (bnc#1012382).\n\n - regmap: Do not use format_val in regmap_bulk_read\n (bsc#1031717).\n\n - regmap: Fix reversed bounds check in regmap_raw_write()\n (bsc#1031717).\n\n - regmap: Format data for raw write in regmap_bulk_write\n (bsc#1031717).\n\n - regmap-i2c: Off by one in\n regmap_i2c_smbus_i2c_read/write() (bsc#1031717).\n\n - regulator: anatop: set default voltage selector for pcie\n (bnc#1012382).\n\n - reiserfs: Make cancel_old_flush() reliable\n (bnc#1012382).\n\n - Revert 'ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux'\n (bnc#1012382).\n\n - Revert 'e1000e: Separate signaling for link check/link\n up' (bsc#1075428).\n\n - Revert 'genirq: Use irqd_get_trigger_type to compare the\n trigger type for shared IRQs' (bnc#1012382).\n\n - Revert 'ipvlan: add L2 check for packets arriving via\n virtual devices' (reverted in upstream).\n\n - Revert 'led: core: Fix brightness setting when setting\n delay_off=0' (bnc#1012382).\n\n - rndis_wlan: add return value validation (bnc#1012382).\n\n - rtc: cmos: Do not assume irq 8 for rtc when there are no\n legacy irqs (bnc#1012382).\n\n - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382).\n\n - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled\n (bnc#1012382).\n\n - s390/mm: fix local TLB flushing vs. detach of an mm\n address space (bnc#1088324, LTC#166470).\n\n - s390/mm: fix race on mm->context.flush_mm (bnc#1088324,\n LTC#166470).\n\n - s390/mm: no local TLB flush for clearing-by-ASCE IDTE\n (bnc#1088324, LTC#166470).\n\n - s390/qeth: apply takeover changes when mode is toggled\n (bnc#1085507, LTC#165490).\n\n - s390/qeth: do not apply takeover changes to RXIP\n (bnc#1085507, LTC#165490).\n\n - s390/qeth: fix double-free on IP add/remove race\n (bnc#1085507, LTC#165491).\n\n - s390/qeth: fix IPA command submission race\n (bnc#1012382).\n\n - s390/qeth: fix IP address lookup for L3 devices\n (bnc#1085507, LTC#165491).\n\n - s390/qeth: fix IP removal on offline cards (bnc#1085507,\n LTC#165491).\n\n - s390/qeth: fix SETIP command handling (bnc#1012382).\n\n - s390/qeth: free netdevice when removing a card\n (bnc#1012382).\n\n - s390/qeth: improve error reporting on IP add/removal\n (bnc#1085507, LTC#165491).\n\n - s390/qeth: lock IP table while applying takeover changes\n (bnc#1085507, LTC#165490).\n\n - s390/qeth: lock read device while queueing next buffer\n (bnc#1012382).\n\n - s390/qeth: on channel error, reject further cmd requests\n (bnc#1012382).\n\n - s390/qeth: update takeover IPs after configuration\n change (bnc#1085507, LTC#165490).\n\n - s390/qeth: when thread completes, wake up all waiters\n (bnc#1012382).\n\n - sched: act_csum: do not mangle TCP and UDP GSO packets\n (bnc#1012382).\n\n - sched: Stop resched_cpu() from sending IPIs to offline\n CPUs (bnc#1012382).\n\n - sched: Stop switched_to_rt() from sending IPIs to\n offline CPUs (bnc#1012382).\n\n - scsi: core: scsi_get_device_flags_keyed(): Always return\n device flags (bnc#1012382).\n\n - scsi: devinfo: apply to HP XP the same flags as Hitachi\n VSP (bnc#1012382).\n\n - scsi: dh: add new rdac devices (bnc#1012382).\n\n - scsi: lpfc: Add missing unlock in WQ full logic\n (bsc#1085383).\n\n - scsi: lpfc: Code cleanup for 128byte wqe data type\n (bsc#1085383).\n\n - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command\n (bsc#1085383).\n\n - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383).\n\n - scsi: lpfc: Fix SCSI lun discovery when port configured\n for both SCSI and NVME (bsc#1085383).\n\n - scsi: lpfc: Memory allocation error during driver\n start-up on power8 (bsc#1085383).\n\n - scsi: mac_esp: Replace bogus memory barrier with\n spinlock (bnc#1012382).\n\n - scsi: sg: check for valid direction before starting the\n request (bnc#1012382).\n\n - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382).\n\n - scsi: sg: fix static checker warning in\n sg_is_valid_dxfer (bnc#1012382).\n\n - scsi: sg: only check for dxfer_len greater than 256M\n (bnc#1012382 bsc#1064206).\n\n - scsi: virtio_scsi: always read VPD pages for multiqueue\n too (git-fixes).\n\n - scsi: virtio_scsi: Always try to read VPD pages\n (bnc#1012382).\n\n - sctp: fix dst refcnt leak in sctp_v4_get_dst\n (bnc#1012382).\n\n - sctp: fix dst refcnt leak in sctp_v6_get_dst()\n (bnc#1012382).\n\n - sctp: verify size of a new chunk in _sctp_make_chunk()\n (bnc#1012382).\n\n - selftests/x86: Add tests for the STR and SLDT\n instructions (bnc#1012382).\n\n - selftests/x86: Add tests for User-Mode Instruction\n Prevention (bnc#1012382).\n\n - selftests/x86/entry_from_vm86: Add test cases for POPF\n (bnc#1012382).\n\n - selftests/x86/entry_from_vm86: Exit with 1 if we fail\n (bnc#1012382).\n\n - selinux: check for address length in\n selinux_socket_bind() (bnc#1012382).\n\n - serial: 8250_pci: Add Brainboxes UC-260 4 port serial\n device (bnc#1012382).\n\n - serial: sh-sci: prevent lockup on full TTY buffers\n (bnc#1012382).\n\n - skbuff: Fix not waking applications when errors are\n enqueued (bnc#1012382).\n\n - sm501fb: do not return zero on failure path in\n sm501fb_start() (bnc#1012382).\n\n - solo6x10: release vb2 buffers in solo_stop_streaming()\n (bnc#1012382).\n\n - spi: dw: Disable clock after unregistering the host\n (bnc#1012382).\n\n - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO\n transfer (bnc#1012382).\n\n - spi: sun6i: disable/unprepare clocks on remove\n (bnc#1012382).\n\n - staging: android: ashmem: Fix lockdep issue during\n llseek (bnc#1012382).\n\n - staging: android: ashmem: Fix possible deadlock in\n ashmem_ioctl (bnc#1012382).\n\n - staging: comedi: fix comedi_nsamples_left (bnc#1012382).\n\n - staging: lustre: ptlrpc: kfree used instead of kvfree\n (bnc#1012382).\n\n - staging: ncpfs: memory corruption in ncp_read_kernel()\n (bnc#1012382).\n\n - staging: speakup: Replace BUG_ON() with WARN_ON()\n (bnc#1012382).\n\n - staging: unisys: visorhba: fix s-Par to boot with option\n CONFIG_VMAP_STACK set to y (bnc#1012382).\n\n - staging: wilc1000: add check for kmalloc allocation\n failure (bnc#1012382).\n\n - staging: wilc1000: fix unchecked return value\n (bnc#1012382).\n\n - Subject: af_iucv: enable control sends in case of\n SEND_SHUTDOWN (bnc#1085507, LTC#165135).\n\n - sysrq: Reset the watchdog timers while displaying\n high-resolution timers (bnc#1012382).\n\n - tcm_fileio: Prevent information leak for short reads\n (bnc#1012382).\n\n - tcp: remove poll() flakes with FastOpen (bnc#1012382).\n\n - tcp: sysctl: Fix a race to avoid unexpected 0 window\n from space (bnc#1012382).\n\n - team: Fix double free in error path (bnc#1012382).\n\n - test_firmware: fix setting old custom fw path back on\n exit (bnc#1012382).\n\n - time: Change posix clocks ops interfaces to use\n timespec64 (bnc#1012382).\n\n - timers, sched_clock: Update timeout for clock wrap\n (bnc#1012382).\n\n - tools/usbip: fixes build with musl libc toolchain\n (bnc#1012382).\n\n - tpm_i2c_infineon: fix potential buffer overruns caused\n by bit glitches on the bus (bnc#1012382).\n\n - tpm_i2c_nuvoton: fix potential buffer overruns caused by\n bit glitches on the bus (bnc#1012382).\n\n - tpm: st33zp24: fix potential buffer overruns caused by\n bit glitches on the bus (bnc#1012382).\n\n - tpm/tpm_crb: Use start method value from ACPI table\n directly (bsc#1084452).\n\n - tracing: probeevent: Fix to support minus offset from\n symbol (bnc#1012382).\n\n - tty/serial: atmel: add new version check for usart\n (bnc#1012382).\n\n - tty: vt: fix up tabstops properly (bnc#1012382).\n\n - uas: fix comparison for error code (bnc#1012382).\n\n - ubi: Fix race condition between ubi volume creation and\n udev (bnc#1012382).\n\n - udplite: fix partial checksum initialization\n (bnc#1012382).\n\n - usb: Do not print a warning if interface driver rebind\n is deferred at resume (bsc#1087211).\n\n - usb: dwc2: Make sure we disconnect the gadget state\n (bnc#1012382).\n\n - usb: gadget: bdc: 64-bit pointer capability check\n (bnc#1012382).\n\n - usb: gadget: dummy_hcd: Fix wrong power status bit\n clear/reset in dummy_hub_control() (bnc#1012382).\n\n - usb: gadget: f_fs: Fix use-after-free in\n ffs_fs_kill_sb() (bnc#1012382).\n\n - usb: gadget: udc: Add missing platform_device_put() on\n error in bdc_pci_probe() (bnc#1012382).\n\n - usb: quirks: add control message delay for 1b1c:1b20\n (bnc#1012382).\n\n - usb: storage: Add JMicron bridge 152d:2567 to\n unusual_devs.h (bnc#1012382).\n\n - usb: usbmon: Read text within supplied buffer size\n (bnc#1012382).\n\n - usb: usbmon: remove assignment from IS_ERR argument\n (bnc#1012382).\n\n - veth: set peer GSO values (bnc#1012382).\n\n - vgacon: Set VGA struct resource types (bnc#1012382).\n\n - video: ARM CLCD: fix dma allocation size (bnc#1012382).\n\n - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382).\n\n - video/hdmi: Allow 'empty' HDMI infoframes (bnc#1012382).\n\n - vxlan: vxlan dev should inherit lowerdev's gso_max_size\n (bnc#1012382).\n\n - wan: pc300too: abort path on failure (bnc#1012382).\n\n - watchdog: hpwdt: Check source of NMI (bnc#1012382).\n\n - watchdog: hpwdt: fix unused variable warning\n (bnc#1012382).\n\n - watchdog: hpwdt: SMBIOS check (bnc#1012382).\n\n - wil6210: fix memory access violation in\n wil_memcpy_from/toio_32 (bnc#1012382).\n\n - workqueue: Allow retrieval of current task's work struct\n (bnc#1012382).\n\n - x86/apic/vector: Handle legacy irq data correctly\n (bnc#1012382).\n\n - x86/boot/64: Verify alignment of the LOAD segment\n (bnc#1012382).\n\n - x86/build/64: Force the linker to use 2MB page size\n (bnc#1012382).\n\n - x86/entry/64: Do not use IST entry for #BP stack\n (bsc#1087088).\n\n - x86: i8259: export legacy_pic symbol (bnc#1012382).\n\n - x86/kaiser: Duplicate cpu_tss for an entry trampoline\n usage (bsc#1077560 bsc#1083836).\n\n - x86/kaiser: enforce trampoline stack alignment\n (bsc#1087260).\n\n - x86/kaiser: Remove a user mapping of cpu_tss structure\n (bsc#1077560 bsc#1083836).\n\n - x86/kaiser: Use a per-CPU trampoline stack for kernel\n entry (bsc#1077560).\n\n - x86/MCE: Serialize sysfs changes (bnc#1012382).\n\n - x86/mm: Fix vmalloc_fault to use pXd_large\n (bnc#1012382).\n\n - x86/mm: implement free pmd/pte page interfaces\n (bnc#1012382).\n\n - x86/module: Detect and skip invalid relocations\n (bnc#1012382).\n\n - x86/speculation: Remove Skylake C2 from Speculation\n Control microcode blacklist (bsc#1087845).\n\n - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32\n (bnc#1012382).\n\n - x86/vm86/32: Fix POPF emulation (bnc#1012382).\n\n - xen-blkfront: fix mq start/stop race (bsc#1085042).\n\n - xen-netback: use skb to determine number of required\n guest Rx requests (bsc#1046610).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1075428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1085981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088324\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.126-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.126-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.126-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.126-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.126-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.126-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.126-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.126-48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-debug-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-debug-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-default-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-default-debuginfo-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-vanilla-4.4.126-48.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kselftests-kmp-vanilla-debuginfo-4.4.126-48.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:24:34", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5881 advisory.\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. (CVE-2017-8924)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5881)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8924", "CVE-2019-19073", "CVE-2020-14314", "CVE-2020-25285"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5881.NASL", "href": "https://www.tenable.com/plugins/nessus/141365", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5881.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141365);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2017-8924\",\n \"CVE-2019-19073\",\n \"CVE-2020-14314\",\n \"CVE-2020-25285\"\n );\n script_bugtraq_id(98451);\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5881)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5881 advisory.\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows\n local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer\n underflow. (CVE-2017-8924)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5881.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25285\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.39-400.326.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5881');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.39-400.326.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-2.6.39-400.326.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.326.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-2.6.39-400.326.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.326.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-debug-devel-2.6.39-400.326.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.326.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-devel-2.6.39-400.326.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},\n {'reference':'kernel-uek-doc-2.6.39-400.326.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},\n {'reference':'kernel-uek-firmware-2.6.39-400.326.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:33:37", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5140-1 advisory.\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM 5.14) vulnerabilities (USN-5140-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2021-3744", "CVE-2021-3764", "CVE-2021-41864"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1007-oem"], "id": "UBUNTU_USN-5140-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155232", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5140-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155232);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\"CVE-2021-3744\", \"CVE-2021-3764\", \"CVE-2021-41864\");\n script_xref(name:\"USN\", value:\"5140-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM 5.14) vulnerabilities (USN-5140-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5140-1 advisory.\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5140-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41864\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1007-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.14.0': {\n 'oem': '5.14.0-1007'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5140-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-3744', 'CVE-2021-3764', 'CVE-2021-41864');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5140-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-09T15:15:33", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5164-1 advisory.\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5164-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2021-37159", "CVE-2021-3744", "CVE-2021-3764"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1031-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1084-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1099-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1112-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1116-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1116-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1127-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-163-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-163-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-163-lowlatency"], "id": "UBUNTU_USN-5164-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155747", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5164-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155747);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\"CVE-2021-3744\", \"CVE-2021-3764\", \"CVE-2021-37159\");\n script_xref(name:\"USN\", value:\"5164-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5164-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5164-1 advisory.\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker\n to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat\n from this vulnerability is to system availability. (CVE-2021-3764)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5164-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37159\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1031-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1084-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1099-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1112-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1116-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1116-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1127-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-163-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-163-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-163-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-163',\n 'lowlatency': '4.15.0-163',\n 'oracle': '4.15.0-1084',\n 'gcp': '4.15.0-1112',\n 'aws': '4.15.0-1116',\n 'azure': '4.15.0-1127'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-163',\n 'generic-lpae': '4.15.0-163',\n 'lowlatency': '4.15.0-163',\n 'dell300x': '4.15.0-1031',\n 'oracle': '4.15.0-1084',\n 'raspi2': '4.15.0-1099',\n 'kvm': '4.15.0-1103',\n 'gcp': '4.15.0-1112',\n 'snapdragon': '4.15.0-1116',\n 'azure': '4.15.0-1127'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5164-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-3744', 'CVE-2021-3764', 'CVE-2021-37159');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5164-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:55", "description": "The 5.3.12 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "Fedora 31 : kernel (2019-34a75d7e61)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19043", "CVE-2019-19046", "CVE-2019-19050", "CVE-2019-19053", "CVE-2019-19054", "CVE-2019-19055", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19064", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19070", "CVE-2019-19071", "CVE-2019-19072", "CVE-2019-19073", "CVE-2019-19074"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-34A75D7E61.NASL", "href": "https://www.tenable.com/plugins/nessus/131334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-34a75d7e61.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131334);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-19043\", \"CVE-2019-19046\", \"CVE-2019-19050\", \"CVE-2019-19053\", \"CVE-2019-19054\", \"CVE-2019-19055\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19064\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-19070\", \"CVE-2019-19071\", \"CVE-2019-19072\", \"CVE-2019-19073\", \"CVE-2019-19074\");\n script_xref(name:\"FEDORA\", value:\"2019-34a75d7e61\");\n\n script_name(english:\"Fedora 31 : kernel (2019-34a75d7e61)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.3.12 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-34a75d7e61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-19043\", \"CVE-2019-19046\", \"CVE-2019-19050\", \"CVE-2019-19053\", \"CVE-2019-19054\", \"CVE-2019-19055\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19064\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-19070\", \"CVE-2019-19071\", \"CVE-2019-19072\", \"CVE-2019-19073\", \"CVE-2019-19074\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-34a75d7e61\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"kernel-5.3.12-300.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:24", "description": "The 5.3.12 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "Fedora 30 : kernel (2019-021c968423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19043", "CVE-2019-19046", "CVE-2019-19050", "CVE-2019-19053", "CVE-2019-19054", "CVE-2019-19055", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19064", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19070", "CVE-2019-19071", "CVE-2019-19072", "CVE-2019-19073", "CVE-2019-19074"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-021C968423.NASL", "href": "https://www.tenable.com/plugins/nessus/131332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-021c968423.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131332);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-19043\", \"CVE-2019-19046\", \"CVE-2019-19050\", \"CVE-2019-19053\", \"CVE-2019-19054\", \"CVE-2019-19055\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19064\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-19070\", \"CVE-2019-19071\", \"CVE-2019-19072\", \"CVE-2019-19073\", \"CVE-2019-19074\");\n script_xref(name:\"FEDORA\", value:\"2019-021c968423\");\n\n script_name(english:\"Fedora 30 : kernel (2019-021c968423)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.3.12 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-021c968423\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-19043\", \"CVE-2019-19046\", \"CVE-2019-19050\", \"CVE-2019-19053\", \"CVE-2019-19054\", \"CVE-2019-19055\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19062\", \"CVE-2019-19063\", \"CVE-2019-19064\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-19070\", \"CVE-2019-19071\", \"CVE-2019-19072\", \"CVE-2019-19073\", \"CVE-2019-19074\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-021c968423\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kernel-5.3.12-200.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:21", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.(CVE-2019-20806)A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.(CVE-2020-10781)In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/ net/slip/slip.c and drivers/ net/can/slcan.c.(CVE-2020-14416)The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.(CVE-2020-12888)The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.(CVE-2019-18282)In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.(CVE-2020-15393)An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/ net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.(CVE-2019-20811)A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751)In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9445)A flaw was found in the Linux kernel's implementation of Userspace core dumps.\n This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.(CVE-2020-10732)go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.(CVE-2019-20810)Legacy pairing and secure-connections pairing authentication in Bluetooth(r) BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.(CVE-2020-10135)An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.(CVE-2019-20812)An issue was discovered in the Linux kernel through 5.7.1.\n drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.(CVE-2020-13974)In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:\n Android kernel Android ID: A-142938932(CVE-2020-0009)A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.(CVE-2020-10757)gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.(CVE-2020-13143)Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-0543)A flaw was found in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10768)A flaw was found in the Linux kernel's implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10767)A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.(CVE-2020-10766)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18282", "CVE-2019-20806", "CVE-2019-20810", "CVE-2019-20811", "CVE-2019-20812", "CVE-2019-9445", "CVE-2020-0009", "CVE-2020-0543", "CVE-2020-10135", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-10781", "CVE-2020-12888", "CVE-2020-13143", "CVE-2020-13974", "CVE-2020-14416", "CVE-2020-15393"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1807.NASL", "href": "https://www.tenable.com/plugins/nessus/139137", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139137);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-18282\",\n \"CVE-2019-20806\",\n \"CVE-2019-20810\",\n \"CVE-2019-20811\",\n \"CVE-2019-20812\",\n \"CVE-2019-9445\",\n \"CVE-2020-0009\",\n \"CVE-2020-0543\",\n \"CVE-2020-10135\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10757\",\n \"CVE-2020-10766\",\n \"CVE-2020-10767\",\n \"CVE-2020-10768\",\n \"CVE-2020-10781\",\n \"CVE-2020-12888\",\n \"CVE-2020-13143\",\n \"CVE-2020-13974\",\n \"CVE-2020-14416\",\n \"CVE-2020-15393\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An issue was discovered in\n the Linux kernel before 5.2. There is a NULL pointer\n dereference in tw5864_handle_frame() in\n drivers/media/pci/tw5864/tw5864-video.c, which may\n cause denial of service, aka\n CID-2e7682ebfc75.(CVE-2019-20806)A flaw was found in\n the ZRAM kernel module, where a user with a local\n account and the ability to read the\n /sys/class/zram-control/hot_add file can create ZRAM\n device nodes in the /dev/ directory. This read\n allocates kernel memory and is not accounted for a user\n that triggers the creation of that ZRAM device. With\n this vulnerability, continually reading the device may\n consume a large amount of system memory and cause the\n Out-of-Memory (OOM) killer to activate and terminate\n random userspace processes, possibly making the system\n inoperable.(CVE-2020-10781)In the Linux kernel before\n 5.4.16, a race condition in tty->disc_data handling in\n the slip and slcan line discipline could lead to a\n use-after-free, aka CID-0ace17d56824. This affects\n drivers/ net/slip/slip.c and drivers/\n net/can/slcan.c.(CVE-2020-14416)The VFIO PCI driver in\n the Linux kernel through 5.6.13 mishandles attempts to\n access disabled memory space.(CVE-2020-12888)The\n flow_dissector feature in the Linux kernel 4.3 through\n 5.x before 5.3.10 has a device tracking vulnerability,\n aka CID-55667441c84f. This occurs because the auto\n flowlabel of a UDP IPv6 packet relies on a 32-bit\n hashrnd value as a secret, and because jhash (instead\n of siphash) is used. The hashrnd value remains the same\n starting from boot time, and can be inferred by an\n attacker. This affects net/core/flow_dissector.c and\n related code.(CVE-2019-18282)In the Linux kernel\n through 5.7.6, usbtest_disconnect in\n drivers/usb/misc/usbtest.c has a memory leak, aka\n CID-28ebeb8db770.(CVE-2020-15393)An issue was\n discovered in the Linux kernel before 5.0.6. In\n rx_queue_add_kobject() and netdev_queue_add_kobject()\n in net/core/ net-sysfs.c, a reference count is\n mishandled, aka CID-a3e23f719f5c.(CVE-2019-20811)A flaw\n was found in the Linux kernels SELinux LSM hook\n implementation before version 5.7, where it incorrectly\n assumed that an skb would only contain a single netlink\n message. The hook would incorrectly only validate the\n first netlink message in the skb and allow or deny the\n rest of the messages within the skb with the granted\n permission without further\n processing.(CVE-2020-10751)In the Android kernel in\n F2FS driver there is a possible out of bounds read due\n to a missing bounds check. This could lead to local\n information disclosure with system execution privileges\n needed. User interaction is not needed for\n exploitation.(CVE-2019-9445)A flaw was found in the\n Linux kernel's implementation of Userspace core dumps.\n This flaw allows an attacker with a local account to\n crash a trivial program and exfiltrate private kernel\n data.(CVE-2020-10732)go7007_snd_init in\n drivers/media/usb/go7007/snd-go7007.c in the Linux\n kernel before 5.6 does not call snd_card_free for a\n failure path, which causes a memory leak, aka\n CID-9453264ef586.(CVE-2019-20810)Legacy pairing and\n secure-connections pairing authentication in Bluetooth(r)\n BR/EDR Core Specification v5.2 and earlier may allow an\n unauthenticated user to complete authentication without\n pairing credentials via adjacent access. An\n unauthenticated, adjacent attacker could impersonate a\n Bluetooth BR/EDR master or slave to pair with a\n previously paired remote device to successfully\n complete the authentication procedure without knowing\n the link key.(CVE-2020-10135)An issue was discovered in\n the Linux kernel before 5.4.7. The\n prb_calc_retire_blk_tmo() function in\n net/packet/af_packet.c can result in a denial of\n service (CPU consumption and soft lockup) in a certain\n failure case involving TPACKET_V3, aka\n CID-b43d1f9f7067.(CVE-2019-20812)An issue was\n discovered in the Linux kernel through 5.7.1.\n drivers/tty/vt/keyboard.c has an integer overflow if\n k_ascii is called several times in a row, aka\n CID-b86dab054059. NOTE: Members in the community argue\n that the integer overflow does not lead to a security\n issue in this case.(CVE-2020-13974)In calc_vm_may_flags\n of ashmem.c, there is a possible arbitrary write to\n shared memory due to a permissions bypass. This could\n lead to local escalation of privilege by corrupting\n memory shared between processes, with no additional\n execution privileges needed. User interaction is not\n needed for exploitation. Product: Android Versions:\n Android kernel Android ID: A-142938932(CVE-2020-0009)A\n flaw was found in the Linux Kernel in versions after\n 4.5-rc1 in the way mremap handled DAX Huge Pages. This\n flaw allows a local attacker with access to a DAX\n enabled storage to escalate their privileges on the\n system.(CVE-2020-10757)gadget_dev_desc_UDC_store in\n drivers/usb/gadget/configfs.c in the Linux kernel\n through 5.6.13 relies on kstrdup without considering\n the possibility of an internal '\\0' value, which allows\n attackers to trigger an out-of-bounds read, aka\n CID-15753588bcd4.(CVE-2020-13143)Incomplete cleanup\n from specific special register read operations in some\n Intel(R) Processors may allow an authenticated user to\n potentially enable information disclosure via local\n access.(CVE-2020-0543)A flaw was found in the prctl()\n function, where it can be used to enable indirect\n branch speculation after it has been disabled. This\n call incorrectly reports it as being 'force disabled'\n when it is not and opens the system to Spectre v2\n attacks. The highest threat from this vulnerability is\n to confidentiality.(CVE-2020-10768)A flaw was found in\n the Linux kernel's implementation of the Enhanced IBPB\n (Indirect Branch Prediction Barrier). The IBPB\n mitigation will be disabled when STIBP is not available\n or when the Enhanced Indirect Branch Restricted\n Speculation (IBRS) is available. This flaw allows a\n local attacker to perform a Spectre V2 style attack\n when this configuration is active. The highest threat\n from this vulnerability is to\n confidentiality.(CVE-2020-10767)A logic bug flaw was\n found in the Linux kernel's implementation of SSBD. A\n bug in the logic handling allows an attacker with a\n local account to disable SSBD protection during a\n context switch when additional speculative execution\n mitigations are in place. This issue was introduced\n when the per task/process conditional STIPB switching\n was added on top of the existing SSBD switching. The\n highest threat from this vulnerability is to\n confidentiality.(CVE-2020-10766)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1807\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e94ba4c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h794.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:16:12", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0135", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18216", "CVE-2017-18241", "CVE-2018-8043", "CVE-2018-8087"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0135_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121841", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0135. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121841);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\n \"CVE-2017-18216\",\n \"CVE-2017-18241\",\n \"CVE-2018-8043\",\n \"CVE-2018-8087\"\n );\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0135\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-135.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.131-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.131-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2023-10-20T17:31:16", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-4.15 \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-4.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke-4.15 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oem \\- Linux kernel for OEM systems\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi (V8) systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nIt was discovered that the AMD Cryptographic Coprocessor device driver in \nthe Linux kernel did not properly deallocate memory in some situations. A \nlocal attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2019-18808)\n\nIt was discovered that the Conexant 23885 TV card device driver for the \nLinux kernel did not properly deallocate memory in some error conditions. A \nlocal attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2019-19054)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19061)\n\nIt was discovered that the AMD Audio Coprocessor driver for the Linux \nkernel did not properly deallocate memory in certain error conditions. A \nlocal attacker with the ability to load modules could use this to cause a \ndenial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered that the Atheros HTC based wireless driver in the Linux \nkernel did not properly deallocate in certain error conditions. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19073, CVE-2019-19074)\n\nIt was discovered that the F2FS file system in the Linux kernel did not \nproperly perform bounds checking in some situations, leading to an out-of- \nbounds read. A local attacker could possibly use this to expose sensitive \ninformation (kernel memory). (CVE-2019-9445)\n\nIt was discovered that the VFIO PCI driver in the Linux kernel did not \nproperly handle attempts to access disabled memory spaces. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2020-12888)\n\nIt was discovered that the cgroup v2 subsystem in the Linux kernel did not \nproperly perform reference counting in some situations, leading to a NULL \npointer dereference. A local attacker could use this to cause a denial of \nservice or possibly gain administrative privileges. (CVE-2020-14356)\n\nIt was discovered that the state of network RNG in the Linux kernel was \npotentially observable. A remote attacker could use this to expose \nsensitive information. (CVE-2020-16166)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-23T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19061", "CVE-2019-19067", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-9445", "CVE-2020-12888", "CVE-2020-14356", "CVE-2020-16166"], "modified": "2020-09-23T00:00:00", "id": "USN-4526-1", "href": "https://ubuntu.com/security/notices/USN-4526-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-10-20T17:31:08", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n * linux-raspi2 \\- Linux kernel for Raspberry Pi (V8) systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nIt was discovered that the Conexant 23885 TV card device driver for the \nLinux kernel did not properly deallocate memory in some error conditions. A \nlocal attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2019-19054)\n\nIt was discovered that the Atheros HTC based wireless driver in the Linux \nkernel did not properly deallocate in certain error conditions. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19073, CVE-2019-19074)\n\nYue Haibing discovered that the Linux kernel did not properly handle \nreference counting in sysfs for network devices in some situations. A local \nattacker could possibly use this to cause a denial of service. \n(CVE-2019-20811)\n\nIt was discovered that the F2FS file system in the Linux kernel did not \nproperly perform bounds checking in some situations, leading to an out-of- \nbounds read. A local attacker could possibly use this to expose sensitive \ninformation (kernel memory). (CVE-2019-9445)\n\nIt was discovered that the F2FS file system in the Linux kernel did not \nproperly validate xattr meta data in some situations, leading to an out-of- \nbounds read. An attacker could use this to construct a malicious F2FS image \nthat, when mounted, could expose sensitive information (kernel memory). \n(CVE-2019-9453)\n\nIt was discovered that the F2FS file system implementation in the Linux \nkernel did not properly perform bounds checking on xattrs in some \nsituations. A local attacker could possibly use this to expose sensitive \ninformation (kernel memory). (CVE-2020-0067)\n\nIt was discovered that the NFS client implementation in the Linux kernel \ndid not properly perform bounds checking before copying security labels in \nsome situations. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-25212)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-24T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19054", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-20811", "CVE-2019-9445", "CVE-2019-9453", "CVE-2020-0067", "CVE-2020-25212"], "modified": "2020-09-24T00:00:00", "id": "USN-4527-1", "href": "https://ubuntu.com/security/notices/USN-4527-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T19:50:55", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux-aws-5.3 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure-5.3 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gke-5.3 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n\nIt was discovered that the XFS file system implementation in the Linux \nkernel did not properly validate meta data in some circumstances. An \nattacker could use this to construct a malicious XFS image that, when \nmounted, could cause a denial of service. (CVE-2020-12655)\n\nIt was discovered that the bcache subsystem in the Linux kernel did not \nproperly release a lock in some error conditions. A local attacker could \npossibly use this to cause a denial of service. (CVE-2020-12771)\n\nKyungtae Kim discovered that the USB testing driver in the Linux kernel did \nnot properly deallocate memory on disconnect events. A physically proximate \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2020-15393)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-08-23T00:00:00", "type": "ubuntu", "title": "linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12655", "CVE-2020-12771", "CVE-2020-15393", "CVE-2020-24394"], "modified": "2020-08-23T00:00:00", "id": "USN-4465-1", "href": "https://ubuntu.com/security/notices/USN-4465-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T19:41:36", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi (V8) systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi (V8) systems\n\nIt was discovered that the AMD Cryptographic Coprocessor device driver in \nthe Linux kernel did not properly deallocate memory in some situations. A \nlocal attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2019-18808)\n\nIt was discovered that the Conexant 23885 TV card device driver for the \nLinux kernel did not properly deallocate memory in some error conditions. A \nlocal attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2019-19054)\n\nIt was discovered that the VFIO PCI driver in the Linux kernel did not \nproperly handle attempts to access disabled memory spaces. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2020-12888)\n\nIt was discovered that the state of network RNG in the Linux kernel was \npotentially observable. A remote attacker could use this to expose \nsensitive information. (CVE-2020-16166)\n\nIt was discovered that the NFS client implementation in the Linux kernel \ndid not properly perform bounds checking before copying security labels in \nsome situations. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-25212)\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-24T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18808", "CVE-2019-19054", "CVE-2020-12888", "CVE-2020-16166", "CVE-2020-25212"], "modified": "2020-09-24T00:00:00", "id": "USN-4525-1", "href": "https://ubuntu.com/security/notices/USN-4525-1", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-10-20T17:32:16", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n * linux-raspi2 \\- Linux kernel for Raspberry Pi (V8) systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nWen Xu discovered that the XFS filesystem implementation in the Linux \nkernel did not properly validate meta-data information. An attacker could \nuse this to construct a malicious xfs image that, when mounted, could cause \na denial of service (system crash).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-02T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10323"], "modified": "2020-09-02T00:00:00", "id": "USN-4486-1", "href": "https://ubuntu.com/security/notices/USN-4486-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-10-20T17:52:43", "description": "## Releases\n\n * Ubuntu 17.10 \n\n## Packages\n\n * linux \\- Linux kernel\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in \nthe Linux kernel did not properly validate device resources. A local \nattacker could use this to cause a denial of service (system crash).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-23T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8043"], "modified": "2018-04-23T00:00:00", "id": "USN-3630-1", "href": "https://ubuntu.com/security/notices/USN-3630-1", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-07T06:56:22", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-oem \\- Linux kernel for OEM processors\n\nUSN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nIt was discovered that the Broadcom UniMAC MDIO bus controller driver in \nthe Linux kernel did not properly validate device resources. A local \nattacker could use this to cause a denial of service (system crash).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-24T00:00:00", "type": "ubuntu", "title": "Linux kernel (HWE) vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8043"], "modified": "2018-04-24T00:00:00", "id": "USN-3630-2", "href": "https://ubuntu.com/security/notices/USN-3630-2", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T19:46:26", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi (V8) systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi (V8) systems\n\nChuhong Yuan discovered that go7007 USB audio device driver in the Linux \nkernel did not properly deallocate memory in some failure conditions. A \nphysically proximate attacker could use this to cause a denial of service \n(memory exhaustion). (CVE-2019-20810)\n\nFan Yang discovered that the mremap implementation in the Linux kernel did \nnot properly handle DAX Huge Pages. A local attacker with access to DAX \nstorage could use this to gain administrative privileges. (CVE-2020-10757)\n\nIt was discovered that the Linux kernel did not correctly apply Speculative \nStore Bypass Disable (SSBD) mitigations in certain situations. A local \nattacker could possibly use this to expose sensitive information. \n(CVE-2020-10766)\n\nIt was discovered that the Linux kernel did not correctly apply Indirect \nBranch Predictor Barrier (IBPB) mitigations in certain situations. A local \nattacker could possibly use this to expose sensitive information. \n(CVE-2020-10767)\n\nIt was discovered that the Linux kernel could incorrectly enable Indirect \nBranch Speculation after it has been disabled for a process via a prctl() \ncall. A local attacker could possibly use this to expose sensitive \ninformation. (CVE-2020-10768)\n\nLuca Bruno discovered that the zram module in the Linux kernel did not \nproperly restrict unprivileged users from accessing the hot_add sysfs file. \nA local attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2020-10781)\n\nIt was discovered that the XFS file system implementation in the Linux \nkernel did not properly validate meta data in some circumstances. An \nattacker could use this to construct a malicious XFS image that, when \nmounted, could cause a denial of service. (CVE-2020-12655)\n\nIt was discovered that the bcache subsystem in the Linux kernel did not \nproperly release a lock in some error conditions. A local attacker could \npossibly use this to cause a denial of service. (CVE-2020-12771)\n\nIt was discovered that the Virtual Terminal keyboard driver in the Linux \nkernel contained an integer overflow. A local attacker could possibly use \nthis to have an unspecified impact. (CVE-2020-13974)\n\nIt was discovered that the cgroup v2 subsystem in the Linux kernel did not \nproperly perform reference counting in some situations, leading to a NULL \npointer dereference. A local attacker could use this to cause a denial of \nservice or possibly gain administrative privileges. (CVE-2020-14356)\n\nKyungtae Kim discovered that the USB testing driver in the Linux kernel did \nnot properly deallocate memory on disconnect events. A physically proximate \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2020-15393)\n\nIt was discovered that the NFS server implementation in the Linux kernel \ndid not properly honor umask settings when setting permissions while \ncreating file system objects if the underlying file system did not support \nACLs. An attacker could possibly use this to expose sensitive information \nor violate system integrity. (CVE-2020-24394)\n\nIt was discovered that the Kerberos SUNRPC GSS implementation in the Linux \nkernel did not properly deallocate memory on module unload. A local \nprivileged attacker could possibly use this to cause a denial of service \n(memory exhaustion). (CVE-2020-12656)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-03T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20810", "CVE-2020-10757", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-12656", "CVE-2020-12771", "CVE-2020-13974", "CVE-2020-14356", "CVE-2020-15393", "CVE-2020-24394"], "modified": "2020-09-03T00:00:00", "id": "USN-4483-1", "href": "https://ubuntu.com/security/notices/USN-4483-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-10-20T17:32:42", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n * linux-raspi2 \\- Linux kernel for Raspberry Pi (V7) systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nIt was discovered that the bcache subsystem in the Linux kernel did not \nproperly release a lock in some error conditions. A local attacker could \npossibly use this to cause a denial of service. (CVE-2020-12771)\n\nKyungtae Kim discovered that the USB testing driver in the Linux kernel did \nnot properly deallocate memory on disconnect events. A physically proximate \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2020-15393)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-18T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12771", "CVE-2020-15393"], "modified": "2020-08-18T00:00:00", "id": "USN-4463-1", "href": "https://ubuntu.com/security/notices/USN-4463-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-10-20T17:32:08", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-4.15 \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-4.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke-4.15 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oem \\- Linux kernel for OEM systems\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi (V8) systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nTimothy Michaud discovered that the i915 graphics driver in the Linux \nkernel did not properly validate user memory locations for the \ni915_gem_execbuffer2_ioctl. A local attacker could possibly use this to \ncause a denial of service or execute arbitrary code. (CVE-2018-20669)\n\nIt was discovered that the Kvaser CAN/USB driver in the Linux kernel did \nnot properly initialize memory in certain situations. A local attacker \ncould possibly use this to expose sensitive information (kernel memory). \n(CVE-2019-19947)\n\nChuhong Yuan discovered that go7007 USB audio device driver in the Linux \nkernel did not properly deallocate memory in some failure conditions. A \nphysically proximate attacker could use this to cause a denial of service \n(memory exhaustion). (CVE-2019-20810)\n\nIt was discovered that the elf handling code in the Linux kernel did not \ninitialize memory before using it in certain situations. A local attacker \ncould use this to possibly expose sensitive information (kernel memory). \n(CVE-2020-10732)\n\nIt was discovered that the Linux kernel did not correctly apply Speculative \nStore Bypass Disable (SSBD) mitigations in certain situations. A local \nattacker could possibly use this to expose sensitive information. \n(CVE-2020-10766)\n\nIt was discovered that the Linux kernel did not correctly apply Indirect \nBranch Predictor Barrier (IBPB) mitigations in certain situations. A local \nattacker could possibly use this to expose sensitive information. \n(CVE-2020-10767)\n\nIt was discovered that the Linux kernel could incorrectly enable Indirect \nBranch Speculation after it has been disabled for a process via a prctl() \ncall. A local attacker could possibly use this to expose sensitive \ninformation. (CVE-2020-10768)\n\nLuca Bruno discovered that the zram module in the Linux kernel did not \nproperly restrict unprivileged users from accessing the hot_add sysfs file. \nA local attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2020-10781)\n\nIt was discovered that the XFS file system implementation in the Linux \nkernel did not properly validate meta data in some circumstances. An \nattacker could use this to construct a malicious XFS image that, when \nmounted, could cause a denial of service. (CVE-2020-12655)\n\nIt was discovered that the bcache subsystem in the Linux kernel did not \nproperly release a lock in some error conditions. A local attacker could \npossibly use this to cause a denial of service. (CVE-2020-12771)\n\nIt was discovered that the Virtual Terminal keyboard driver in the Linux \nkernel contained an integer overflow. A local attacker could possibly use \nthis to have an unspecified impact. (CVE-2020-13974)\n\nKyungtae Kim discovered that the USB testing driver in the Linux kernel did \nnot properly deallocate memory on disconnect events. A physically proximate \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2020-15393)\n\nIt was discovered that the NFS server implementation in the Linux kernel \ndid not properly honor umask settings when setting permissions while \ncreating file system objects if the underlying file system did not support \nACLs. An attacker could possibly use this to expose sensitive information \nor violate system integrity. (CVE-2020-24394)\n\nIt was discovered that the Kerberos SUNRPC GSS implementation in the Linux \nkernel did not properly deallocate memory on module unload. A local \nprivileged attacker could possibly use this to cause a denial of service \n(memory exhaustion). (CVE-2020-12656)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-03T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20669", "CVE-2019-19947", "CVE-2019-20810", "CVE-2020-10732", "CVE-2020-10766", "CVE-2020-10767", "CVE-2020-10768", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-12656"