Debian DSA-5096-1 : linux - security update

2022-03-09T00:00:00

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The (CVE-2020-29374) - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the (CVE-2021-20317) - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users (CVE-2021-20321) - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to Running PV backends in driver domains has one primary security advantage: if a driver domain gets - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the (CVE-2021-3640) - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744) - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP - arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. (CVE-2021-38300) - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083) - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlan - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows (CVE-2021-43976) - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. (CVE-2021-45095) - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. (CVE-2021-45480) - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c (CVE-2022-0492) - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in - An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB (CVE-2022-25258) - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The Note that Nessus has not tested for this issue but has instead relied only on the application's as referenced in the dsa-5096 advisory. get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322) timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322) crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600) multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains. compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715) because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950) way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752) to confidentiality, integrity, and system availability. (CVE-2021-3760) association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772) transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002) file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864) drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739) the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389) tic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975) an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). 5.15.11. object. (CVE-2021-44733) memory access when an inode has an invalid last xattr entry. (CVE-2021-45469) in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487) function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617) O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448) drivers/net/hamradio/yam.c. (CVE-2022-24959) Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. (CVE-2022-25375) self-reported version number.

{"id": "DEBIAN_DSA-5096.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-5096-1 : linux - security update", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5096 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\n (CVE-2021-20317)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.\n This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.\n (CVE-2021-38300)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\n - An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.\n (CVE-2022-25258)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. (CVE-2022-25375)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2022-03-09T00:00:00", "modified": "2023-11-06T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/158761", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2022-25375", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39685", "https://security-tracker.debian.org/tracker/CVE-2020-29374", "https://security-tracker.debian.org/tracker/CVE-2021-3752", "https://security-tracker.debian.org/tracker/CVE-2022-24448", "https://security-tracker.debian.org/tracker/CVE-2022-0002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25258", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42739", "https://security-tracker.debian.org/tracker/CVE-2020-36322", "https://security-tracker.debian.org/tracker/CVE-2021-39686", "https://security-tracker.debian.org/tracker/CVE-2021-44733", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28715", "https://security-tracker.debian.org/tracker/CVE-2021-38300", "https://security-tracker.debian.org/tracker/CVE-2021-45469", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43975", "https://security-tracker.debian.org/tracker/CVE-2021-43976", "https://security-tracker.debian.org/tracker/CVE-2021-20322", "https://security-tracker.debian.org/tracker/CVE-2021-3764", "https://security-tracker.debian.org/tracker/CVE-2021-4002", "https://security-tracker.debian.org/tracker/CVE-2021-4083", "https://security-tracker.debian.org/tracker/CVE-2021-3760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45095", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44733", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29374", "https://security-tracker.debian.org/tracker/CVE-2022-0617", "https://security-tracker.debian.org/tracker/CVE-2022-0322", "https://security-tracker.debian.org/tracker/CVE-2021-20321", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002", "https://security-tracker.debian.org/tracker/CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4083", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22600", "https://security-tracker.debian.org/tracker/CVE-2021-39698", "https://security-tracker.debian.org/tracker/CVE-2022-0492", "https://security-tracker.debian.org/tracker/CVE-2022-0487", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3744", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20321", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28713", "https://security-tracker.debian.org/tracker/CVE-2021-22600", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4202", "https://security-tracker.debian.org/tracker/CVE-2021-39685", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988044", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28714", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3752", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39686", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22942", "https://security-tracker.debian.org/tracker/CVE-2021-4155", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38300", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3640", "https://security-tracker.debian.org/tracker/CVE-2021-3772", "https://security-tracker.debian.org/tracker/CVE-2021-39713", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0492", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45469", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0644", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20317", "https://security-tracker.debian.org/tracker/CVE-2021-28712", "https://security-tracker.debian.org/tracker/CVE-2022-25258", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28711", "https://security-tracker.debian.org/tracker/CVE-2021-45480", "https://security-tracker.debian.org/tracker/CVE-2022-0001", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4203", "https://security-tracker.debian.org/tracker/source-package/linux", "https://security-tracker.debian.org/tracker/CVE-2021-20317", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43976", "https://security-tracker.debian.org/tracker/CVE-2021-42739", "https://security-tracker.debian.org/tracker/CVE-2022-0330", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3772", "https://security-tracker.debian.org/tracker/CVE-2021-45095", "https://security-tracker.debian.org/tracker/CVE-2021-28711", "https://security-tracker.debian.org/tracker/CVE-2021-4135", "https://www.debian.org/security/2022/dsa-5096", "https://security-tracker.debian.org/tracker/CVE-2021-3744", "https://security-tracker.debian.org/tracker/CVE-2021-4202", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0330", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43389", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20322", "https://security-tracker.debian.org/tracker/CVE-2022-22942", "https://security-tracker.debian.org/tracker/CVE-2021-28714", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28950", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39713", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28712", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24959", "https://security-tracker.debian.org/tracker/CVE-2022-0435", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0435", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45480", "https://security-tracker.debian.org/tracker/CVE-2021-28713", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25375", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0617", "https://security-tracker.debian.org/tracker/CVE-2021-3640", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3764", "https://security-tracker.debian.org/tracker/CVE-2021-43389", "https://security-tracker.debian.org/tracker/CVE-2022-0644", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3760", "https://security-tracker.debian.org/tracker/CVE-2021-4203", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39698", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0487", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24448", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41864", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4155", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4135", "https://security-tracker.debian.org/tracker/CVE-2021-28715", "https://security-tracker.debian.org/tracker/CVE-2022-24959", "https://security-tracker.debian.org/tracker/CVE-2021-43975", "https://security-tracker.debian.org/tracker/CVE-2021-41864", "https://packages.debian.org/source/buster/linux"], "cvelist": ["CVE-2019-18808", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-20317", "CVE-2021-20321", "CVE-2021-20322", "CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-28950", "CVE-2021-3640", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3760", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-38300", "CVE-2021-39685", "CVE-2021-39686", "CVE-2021-39698", "CVE-2021-39713", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4155", "CVE-2021-41864", "CVE-2021-4202", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43389", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-24959", "CVE-2022-25258", "CVE-2022-25375"], "immutableFields": [], "lastseen": "2023-11-08T16:21:55", "viewCount": 13, "enchantments": {"backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0825"]}, {"type": "amazon", "idList": ["ALAS-2022-1571", "ALAS2-2021-1727"]}, {"type": "androidsecurity", "idList": ["ANDROID:2022-03-01"]}, {"type": "canvas", "idList": ["OVERLAYFS"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:BD43D191F1913B0416A737C28EAC643D", "CFOUNDRY:C1D2F4D8A3F0384C89F6C8D93A4DCF97", "CFOUNDRY:DBB07350F947C0F70F7FE502A4A24A35", "CFOUNDRY:E504C95A1FDEC99C8FA5C726FB6DEA76", "CFOUNDRY:FD7245C3742F24986DE3C2791BDAC899"]}, {"type": "cve", "idList": ["CVE-2020-29374", "CVE-2020-36322", "CVE-2021-20317", "CVE-2021-28950", "CVE-2021-3772", "CVE-2021-38300", "CVE-2021-41864", "CVE-2021-42739", "CVE-2021-43389", "CVE-2021-43975", "CVE-2021-43976", "CVE-2022-0001", "CVE-2022-0002"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5092-1:463D4", "DEBIAN:DSA-5095-1:31FF6", "DEBIAN:DSA-5096-1:B47F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3772"]}, {"type": "fedora", "idList": ["FEDORA:2C60130E5BFF", "FEDORA:6CC3030C5A5F"]}, {"type": "githubexploit", "idList": ["564795E6-048F-581C-B600-4CA7B45E1319", "8F8D2F72-BC08-5672-91A1-523A5EF7D1AA", "E15E347F-A26F-5F55-AA97-650439269AD6"]}, {"type": "ibm", "idList": ["41CD314F34CC21D5DF000017FEA2274687041AD7C28B5D88AAAF2CE43C5EF417", "71704339C499506FBD9AD5216F79BE8D641A0F781BEF936B7F7E67FCCE6E79FA"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1761.NASL", "ALA_ALAS-2022-1571.NASL", "DEBIAN_DSA-5095.NASL", "EULEROS_SA-2021-1039.NASL", "PHOTONOS_PHSA-2021-4_0-0126_LINUX.NASL", "SLACKWARE_SSA_2022-067-01.NASL", "SUSE_SU-2022-0757-1.NASL", "SUSE_SU-2022-0759-1.NASL", "SUSE_SU-2022-0761-1.NASL", "SUSE_SU-2022-0766-1.NASL", "SUSE_SU-2022-0767-1.NASL", "SUSE_SU-2022-0768-1.NASL", "UBUNTU_USN-5317-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9564", "ELSA-2021-9565"]}, {"type": "photon", "idList": ["PHSA-2021-0325", "PHSA-2021-0336", "PHSA-2021-0415"]}, {"type": "redhat", "idList": ["RHSA-2022:0819", "RHSA-2022:0820", "RHSA-2022:0821", "RHSA-2022:0823", "RHSA-2022:0825"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-0920", "RH:CVE-2021-3772", "RH:CVE-2021-4083", "RH:CVE-2022-0330", "RH:CVE-2022-0435", "RH:CVE-2022-0492", "RH:CVE-2022-22942"]}, {"type": "rocky", "idList": ["RLSA-2022:819", "RLSA-2022:825"]}, {"type": "slackware", "idList": ["SSA-2022-067-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0755-1", "OPENSUSE-SU-2022:0760-1"]}, {"type": "ubuntu", "idList": ["USN-5317-1", "USN-5318-1", "USN-5319-1"]}]}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431", "ALSA-2021:1578", "ALSA-2021:4356", "ALSA-2021:4647", "ALSA-2021:5227", "ALSA-2022:0188", "ALSA-2022:0825", "ALSA-2022:1988", "ALSA-2022:7444", "ALSA-2022:7683", "ALSA-2022:7933", "ALSA-2022:8267"]}, {"type": "amazon", "idList": ["ALAS-2021-1503", "ALAS-2022-1563", "ALAS-2022-1571", "ALAS-2022-1749", "ALAS-2023-1688", "ALAS2-2020-1480", "ALAS2-2021-1636", "ALAS2-2021-1719", "ALAS2-2021-1727", "ALAS2-2022-1749", "ALAS2-2022-1761"]}, {"type": "attackerkb", "idList": ["AKB:373F5109-8A3F-4E40-8B13-25C90814132D"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "broadcom", "idList": ["BSNSA22349", "BSNSA22356"]}, {"type": "centos", "idList": ["CESA-2020:4060", "CESA-2022:0063", "CESA-2022:0620", "CESA-2022:4642"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-22600"]}, {"type": "citrix", "idList": ["CTX335432"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1B101FB251EDFB9515B6EABF00F1012E", "CFOUNDRY:226DA7BC3BC1C7C67D533B698A4FBB23", "CFOUNDRY:4523CAD43FD7AB1B2F9A08A0884F2F56", "CFOUNDRY:53F8A02950D1071788BF2E23EFF823EF", "CFOUNDRY:5C1685BF1F8BCC0EFD4A80083950136F", "CFOUNDRY:6842286EED83D27526CFF6743C20F98E", "CFOUNDRY:73F8C8B872786F9D1C6842EE16AD1519", "CFOUNDRY:812295820B55CAF926A01271C929014A", "CFOUNDRY:82DF14FC7487619119F0BE4E5983B231", "CFOUNDRY:873D4C50CDC37566272A2CA3925ADB7A", "CFOUNDRY:9170AF39C296B9726CD7B93B3A36EC22", "CFOUNDRY:ABBF4BD74406CA92477E7CFB1AD01190", "CFOUNDRY:BD43D191F1913B0416A737C28EAC643D", "CFOUNDRY:C1D2F4D8A3F0384C89F6C8D93A4DCF97", "CFOUNDRY:C7BE92CF45CB8F4FCBCEA8F043427BCF", "CFOUNDRY:DBB07350F947C0F70F7FE502A4A24A35", "CFOUNDRY:E504C95A1FDEC99C8FA5C726FB6DEA76", "CFOUNDRY:EFCCA8E89849350B3F5BDC16FFE250F8", "CFOUNDRY:FD7245C3742F24986DE3C2791BDAC899"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1650986488", "CLSA-2022:1650986589"]}, {"type": "cnvd", "idList": ["CNVD-2021-102383", "CNVD-2021-102393", "CNVD-2021-92971", "CNVD-2021-93367", "CNVD-2021-94150", "CNVD-2022-00608", "CNVD-2022-05041", "CNVD-2022-05042", "CNVD-2022-06509", "CNVD-2022-06900", "CNVD-2022-07634", "CNVD-2022-12797", "CNVD-2022-13357", "CNVD-2022-20176", "CNVD-2022-20179", "CNVD-2022-21490", "CNVD-2022-21492", "CNVD-2022-68570", "CNVD-2022-68574", "CNVD-2022-68575", "CNVD-2022-68576", "CNVD-2022-68615", "CNVD-2022-68616", "CNVD-2022-69195", "CNVD-2022-69196", "CNVD-2022-69201"]}, {"type": "cve", "idList": ["CVE-2019-18808", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-20317", "CVE-2021-20321", "CVE-2021-20322", "CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-28950", "CVE-2021-3542", "CVE-2021-3640", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3760", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-38300", "CVE-2021-3896", "CVE-2021-39685", "CVE-2021-39686", "CVE-2021-39698", "CVE-2021-39713", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4155", "CVE-2021-41864", "CVE-2021-4202", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43389", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-24959", "CVE-2022-25258", "CVE-2022-25375"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2689-1:31A23", "DEBIAN:DLA-2690-1:EA198", "DEBIAN:DLA-2843-1:AB8E9", "DEBIAN:DLA-2940-1:FB71D", "DEBIAN:DLA-2941-1:96084", "DEBIAN:DLA-3065-1:C1710", "DEBIAN:DSA-5050-1:FB23B", "DEBIAN:DSA-5092-1:463D4", "DEBIAN:DSA-5095-1:31FF6", "DEBIAN:DSA-5096-1:B47F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-18808", "DEBIANCVE:CVE-2020-29374", "DEBIANCVE:CVE-2020-36322", "DEBIANCVE:CVE-2021-20317", "DEBIANCVE:CVE-2021-20321", "DEBIANCVE:CVE-2021-20322", "DEBIANCVE:CVE-2021-22600", "DEBIANCVE:CVE-2021-28711", "DEBIANCVE:CVE-2021-28712", "DEBIANCVE:CVE-2021-28713", "DEBIANCVE:CVE-2021-28714", "DEBIANCVE:CVE-2021-28715", "DEBIANCVE:CVE-2021-28950", "DEBIANCVE:CVE-2021-3640", "DEBIANCVE:CVE-2021-3744", "DEBIANCVE:CVE-2021-3752", "DEBIANCVE:CVE-2021-3760", "DEBIANCVE:CVE-2021-3764", "DEBIANCVE:CVE-2021-3772", "DEBIANCVE:CVE-2021-38300", "DEBIANCVE:CVE-2021-39685", "DEBIANCVE:CVE-2021-39686", "DEBIANCVE:CVE-2021-39698", "DEBIANCVE:CVE-2021-39713", "DEBIANCVE:CVE-2021-4002", "DEBIANCVE:CVE-2021-4083", "DEBIANCVE:CVE-2021-4135", "DEBIANCVE:CVE-2021-4155", "DEBIANCVE:CVE-2021-41864", "DEBIANCVE:CVE-2021-4202", "DEBIANCVE:CVE-2021-4203", "DEBIANCVE:CVE-2021-42739", "DEBIANCVE:CVE-2021-43389", "DEBIANCVE:CVE-2021-43975", "DEBIANCVE:CVE-2021-43976", "DEBIANCVE:CVE-2021-44733", "DEBIANCVE:CVE-2021-45095", "DEBIANCVE:CVE-2021-45469", "DEBIANCVE:CVE-2021-45480", "DEBIANCVE:CVE-2022-0001", "DEBIANCVE:CVE-2022-0002", "DEBIANCVE:CVE-2022-0322", "DEBIANCVE:CVE-2022-0330", "DEBIANCVE:CVE-2022-0435", "DEBIANCVE:CVE-2022-0487", "DEBIANCVE:CVE-2022-0492", "DEBIANCVE:CVE-2022-0617", "DEBIANCVE:CVE-2022-0644", "DEBIANCVE:CVE-2022-22942", "DEBIANCVE:CVE-2022-24448", "DEBIANCVE:CVE-2022-24959", "DEBIANCVE:CVE-2022-25258", "DEBIANCVE:CVE-2022-25375"]}, {"type": "f5", "idList": ["F5:K01311152", "F5:K11255393", "F5:K14981751", "F5:K22113693", "F5:K25511825", "F5:K30914425", "F5:K49440205", "F5:K52379673", "F5:K54724312", "F5:K57774767", "F5:K71080411"]}, {"type": "fedora", "idList": ["FEDORA:0035030A605C", "FEDORA:224AE608F491", "FEDORA:267796076024", "FEDORA:2757230742BD", "FEDORA:2997130BDE89", "FEDORA:2C60130E5BFF", "FEDORA:31629306A96B", "FEDORA:33F1C30BA750", "FEDORA:34D5930F2474", "FEDORA:3AA1530B13C7", "FEDORA:3C62F312AD5B", "FEDORA:4FE7A30C79D4", "FEDORA:5021030569C0", "FEDORA:51B856067EB8", "FEDORA:55CC430B13F2", "FEDORA:5BC786077CC2", "FEDORA:628EB603ECD0", "FEDORA:6B76630683C3", "FEDORA:6CC3030C5A5F", "FEDORA:6D74B30AE7EB", "FEDORA:73E1630A20AB", "FEDORA:803AE30C6416", "FEDORA:81E9830A6E1C", "FEDORA:8C83E30BAD02", "FEDORA:8FD383176A9C", "FEDORA:94BC060A4ECF", "FEDORA:956DE30B8B74", "FEDORA:95EFE30A071C", "FEDORA:983E93068B63", "FEDORA:9D52D306EA06", "FEDORA:A1C2A3072626", "FEDORA:A65BD30BAD03", "FEDORA:A6B0530AF205", "FEDORA:BE42330AF3B5", "FEDORA:BF5EC607125E", "FEDORA:C63656040AE1", "FEDORA:CB0956087865", "FEDORA:CCAC1305D42D", "FEDORA:EC9F26076D31"]}, {"type": "githubexploit", "idList": ["475F2C40-8FBF-5AE6-B718-F94A37696E94", "4B9FC39D-E20E-5C2B-9C2F-B18BF0FCFF81", "4DB16743-1B3F-505A-B93A-4202272E3C44", "564795E6-048F-581C-B600-4CA7B45E1319", "768F8F97-383F-5D15-BBA5-81FFC7138CD5", "8F8D2F72-BC08-5672-91A1-523A5EF7D1AA", "926D289B-3E6E-5186-8511-1F7D832A8CAD", "9840D3EA-61BB-54B6-904A-09DAD15F24DC", "9FDDDA87-06DB-51EC-ADC5-5009B1A6F124", "CD47B4AE-9604-5DF1-828D-8D320A71F6F7", "D5DA0DC0-04A9-5A7E-9454-2F6D05E8FFE8", "E15E347F-A26F-5F55-AA97-650439269AD6", "F0CED373-1989-53DF-9017-642D3BD9D9C4", "F235C897-C385-56AB-B58E-500B01C27538"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:F6A0481A189F0EAF78293E746E3C9083"]}, {"type": "hivepro", "idList": ["HIVEPRO:B59A6E24EF39F36B9D2E6D13B050D69A", "HIVEPRO:BCE2BBD9B7F60262FC88072724858373"]}, {"type": "ibm", "idList": ["1841E92577ACD6AADDBB49C1995A398D151CBC9679F1BA2B9C77425F2E40A55C", "185BBC212EB199C45233D6B9DC3039EA09F782A9A618E54D0204B7259290E45D", "41CD314F34CC21D5DF000017FEA2274687041AD7C28B5D88AAAF2CE43C5EF417", "433DE0092D030E14A71A2FA1BA9CEFA42E20E0192C794E75B0C1FF4CE223EEE8", "4777AA656AFE2A7E99CB0D93F8BE73D4229AC1A8C767E59363E711B828FD7059", "4799E621AAC3B2F147ABA50C4B1BDDD086D1674BCB8D390C130E00A00C814DF6", "6386F8948DEE250045178259A022D70BD9E8E6003BDBD116F95FAADC25DB23C2", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "67AFE8257A8F5CA32ADE6C83C3A2186FBD379BBBF1049A235EA4EE0C4D67742A", "71704339C499506FBD9AD5216F79BE8D641A0F781BEF936B7F7E67FCCE6E79FA", "72AD5D71FF571D991FCA51BDAC7D0D303109A868FA89340C6F8CD492F9F038E3", "7A31AC3AD76478BCDFF5EAFDE198D822A87AF40F80D6BE332BB307F284077425", "80CD718D1D142D3B40DCBA71626D910648A9F36D3E9F858F36123167200B31E5", "8629A4ADAFCB95D5120D30DB27A7FEE450956908C79505EDF721F7E19CC8A212", "91D7C6C9A5739FEE5F42D389A6790AF75591DE3F4B00792DEC9B2F9736C9AA92", "A654520C31D8C30F04EA4DF13D66906D11A4C16B55D50B50EB88F47415ABF80C", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B315A585CDBD4D516E60AAEBBA49CDD9274D016108F5F855F13CF2FE3AA0F562", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB", "D504296C469FF402F73637F620D6BEA70BC5D37426BFD10EC06DDF72B6870292", "D5ECBBDC568418EFF7397F83F70168665BB4FE519B1ECA21ED8FCE153E7910A1", "EAC404329213DF471FF757B7F009DD8A087FC2C57793182718799AB73514DB48", "ED670677BEE7F824FAA4922AD08CFBF43478203FCCB636E589E6854737336228"]}, {"type": "ics", "idList": ["ICSA-22-167-09", "ICSA-22-270-02", "ICSA-23-075-01", "ICSA-23-122-01"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00598"]}, {"type": "mageia", "idList": ["MGASA-2021-0418", "MGASA-2021-0489", "MGASA-2021-0490", "MGASA-2021-0507", "MGASA-2021-0508", "MGASA-2021-0538", "MGASA-2021-0539", "MGASA-2021-0574", "MGASA-2021-0575", "MGASA-2021-0588", "MGASA-2021-0589", "MGASA-2022-0021", "MGASA-2022-0022", "MGASA-2022-0041", "MGASA-2022-0042", "MGASA-2022-0062", "MGASA-2022-0063", "MGASA-2022-0092", "MGASA-2022-0095", "MGASA-2022-0100", "MGASA-2022-0101"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-VMWGFX_FD_PRIV_ESC-"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-039.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2023_ALAS2023-2023-070.NASL", "AL2_ALAS-2020-1480.NASL", "AL2_ALAS-2021-1636.NASL", "AL2_ALAS-2021-1719.NASL", "AL2_ALAS-2021-1727.NASL", "AL2_ALAS-2022-1749.NASL", "AL2_ALAS-2022-1761.NASL", "AL2_ALASKERNEL-5_10-2022-006.NASL", "AL2_ALASKERNEL-5_10-2022-007.NASL", "AL2_ALASKERNEL-5_10-2022-008.NASL", "AL2_ALASKERNEL-5_10-2022-009.NASL", "AL2_ALASKERNEL-5_10-2022-010.NASL", "AL2_ALASKERNEL-5_10-2022-011.NASL", "AL2_ALASKERNEL-5_4-2022-009.NASL", "AL2_ALASKERNEL-5_4-2022-014.NASL", "AL2_ALASKERNEL-5_4-2022-021.NASL", "AL2_ALASKERNEL-5_4-2022-022.NASL", "AL2_ALASKERNEL-5_4-2022-023.NASL", "AL2_ALASKERNEL-5_4-2022-027.NASL", "AL2_ALASKERNEL-5_4-2022-029.NASL", "AL2_ALASKERNEL-5_4-2022-031.NASL", "AL2_ALASMICROVM-KERNEL-4_14-2023-001.NASL", "ALA_ALAS-2021-1503.NASL", "ALA_ALAS-2022-1563.NASL", "ALA_ALAS-2022-1571.NASL", "ALA_ALAS-2023-1688.NASL", "ALMA_LINUX_ALSA-2020-4431.NASL", "ALMA_LINUX_ALSA-2021-1578.NASL", "ALMA_LINUX_ALSA-2021-4356.NASL", "ALMA_LINUX_ALSA-2021-4647.NASL", "ALMA_LINUX_ALSA-2021-5227.NASL", "ALMA_LINUX_ALSA-2022-0188.NASL", "ALMA_LINUX_ALSA-2022-0825.NASL", "ALMA_LINUX_ALSA-2022-1988.NASL", "ALMA_LINUX_ALSA-2022-7444.NASL", "ALMA_LINUX_ALSA-2022-7683.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS8_RHSA-2021-4140.NASL", "CENTOS8_RHSA-2021-4356.NASL", "CENTOS8_RHSA-2021-4646.NASL", "CENTOS8_RHSA-2021-4647.NASL", "CENTOS8_RHSA-2021-5227.NASL", "CENTOS8_RHSA-2022-0825.NASL", "CENTOS_RHSA-2020-4060.NASL", "CENTOS_RHSA-2022-0063.NASL", "CENTOS_RHSA-2022-0620.NASL", "CENTOS_RHSA-2022-4642.NASL", "DEBIAN_DLA-2689.NASL", "DEBIAN_DLA-2690.NASL", "DEBIAN_DLA-2843.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DSA-5050.NASL", "DEBIAN_DSA-5092.NASL", "DEBIAN_DSA-5095.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2020-2222.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1967.NASL", "EULEROS_SA-2021-1971.NASL", "EULEROS_SA-2021-1983.NASL", "EULEROS_SA-2021-2051.NASL", "EULEROS_SA-2021-2062.NASL", "EULEROS_SA-2021-2075.NASL", "EULEROS_SA-2021-2183.NASL", "EULEROS_SA-2021-2195.NASL", "EULEROS_SA-2021-2246.NASL", "EULEROS_SA-2021-2272.NASL", "EULEROS_SA-2021-2336.NASL", "EULEROS_SA-2021-2392.NASL", "EULEROS_SA-2021-2502.NASL", "EULEROS_SA-2021-2805.NASL", "EULEROS_SA-2021-2912.NASL", "EULEROS_SA-2021-2919.NASL", "EULEROS_SA-2021-2934.NASL", "EULEROS_SA-2022-1010.NASL", "EULEROS_SA-2022-1030.NASL", "EULEROS_SA-2022-1046.NASL", "EULEROS_SA-2022-1171.NASL", "EULEROS_SA-2022-1196.NASL", "EULEROS_SA-2022-1208.NASL", "EULEROS_SA-2022-1227.NASL", "EULEROS_SA-2022-1243.NASL", "EULEROS_SA-2022-1255.NASL", "EULEROS_SA-2022-1271.NASL", "EULEROS_SA-2022-1292.NASL", "EULEROS_SA-2022-1308.NASL", "EULEROS_SA-2022-1328.NASL", "EULEROS_SA-2022-1352.NASL", "EULEROS_SA-2022-1366.NASL", "EULEROS_SA-2022-1376.NASL", "EULEROS_SA-2022-1402.NASL", "EULEROS_SA-2022-1429.NASL", "EULEROS_SA-2022-1450.NASL", "EULEROS_SA-2022-1466.NASL", "EULEROS_SA-2022-1475.NASL", "EULEROS_SA-2022-1489.NASL", "EULEROS_SA-2022-1508.NASL", "EULEROS_SA-2022-1523.NASL", "EULEROS_SA-2022-1537.NASL", "EULEROS_SA-2022-1607.NASL", "EULEROS_SA-2022-1630.NASL", "EULEROS_SA-2022-1647.NASL", "EULEROS_SA-2022-1661.NASL", "EULEROS_SA-2022-1681.NASL", "EULEROS_SA-2022-1735.NASL", "EULEROS_SA-2022-1779.NASL", "EULEROS_SA-2022-1780.NASL", "EULEROS_SA-2022-1781.NASL", "EULEROS_SA-2022-1782.NASL", "EULEROS_SA-2022-1791.NASL", "EULEROS_SA-2022-1808.NASL", "EULEROS_SA-2022-1844.NASL", "EULEROS_SA-2022-1868.NASL", "EULEROS_SA-2022-1896.NASL", "EULEROS_SA-2022-1934.NASL", "EULEROS_SA-2022-1969.NASL", "EULEROS_SA-2022-2026.NASL", "EULEROS_SA-2022-2054.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2181.NASL", "EULEROS_SA-2022-2200.NASL", "EULEROS_SA-2022-2244.NASL", "EULEROS_SA-2022-2257.NASL", "EULEROS_SA-2022-2348.NASL", "EULEROS_SA-2022-2566.NASL", "EULEROS_SA-2022-2873.NASL", "EULEROS_SA-2022-2891.NASL", "EULEROS_SA-2023-1695.NASL", "EULEROS_SA-2023-2444.NASL", "F5_BIGIP_SOL52379673.NASL", "F5_BIGIP_SOL54724312.NASL", "FEDORA_2019-124A241044.NASL", "FEDORA_2019-B86A7BDBA0.NASL", "FEDORA_2021-79CBBEFEBE.NASL", "FEDORA_2021-E49DA8A226.NASL", "MARINER_KERNEL_CVE-2021-4135.NASL", "MARINER_KERNEL_CVE-2021-4202.NASL", "MARINER_KERNEL_CVE-2021-43389.NASL", "MARINER_KERNEL_CVE-2021-43975.NASL", "MARINER_KERNEL_CVE-2021-43976.NASL", "MARINER_KERNEL_CVE-2022-0330.NASL", "MARINER_KERNEL_CVE-2022-0435.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0169_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0004_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0024_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0074_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0089_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0001_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0005_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0017_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "NUTANIX_NXSA-AOS-5_20_3_5.NASL", "NUTANIX_NXSA-AOS-5_20_3_6.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-5_20_4_5.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_0_2_6.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "NUTANIX_NXSA-AOS-6_1_1_5.NASL", "OPENSUSE-2020-336.NASL", "OPENSUSE-2021-1271.NASL", "OPENSUSE-2021-1357.NASL", "OPENSUSE-2021-1365.NASL", "OPENSUSE-2021-1460.NASL", "OPENSUSE-2021-1477.NASL", "OPENSUSE-2021-1975.NASL", "OPENSUSE-2021-1977.NASL", "OPENSUSE-2021-3179.NASL", "OPENSUSE-2021-3205.NASL", "OPENSUSE-2021-3338.NASL", "OPENSUSE-2021-3387.NASL", "OPENSUSE-2021-3447.NASL", "OPENSUSE-2021-3641.NASL", "OPENSUSE-2021-3655.NASL", "OPENSUSE-2021-3675.NASL", "OPENSUSE-2021-3876.NASL", "OPENSUSE-2021-393.NASL", "OPENSUSE-2021-3941.NASL", "OPENSUSE-2021-579.NASL", "OPENSUSE-2021-758.NASL", "OPENSUSE-2022-0056-1.NASL", "OPENSUSE-2022-0131-1.NASL", "OPENSUSE-2022-0169-1.NASL", "OPENSUSE-2022-0198-1.NASL", "OPENSUSE-2022-0363-1.NASL", "OPENSUSE-2022-0366-1.NASL", "OPENSUSE-2022-0370-1.NASL", "OPENSUSE-2022-0755-1.NASL", "OPENSUSE-2022-0760-1.NASL", "OPENSUSE-2022-0768-1.NASL", "OPENSUSE-2022-0940-1.NASL", "OPENSUSE-2022-1037-1.NASL", "OPENSUSE-2022-1039-1.NASL", "ORACLELINUX_ELSA-2020-4060.NASL", "ORACLELINUX_ELSA-2020-4431.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-4356.NASL", "ORACLELINUX_ELSA-2021-4647.NASL", "ORACLELINUX_ELSA-2021-5227.NASL", "ORACLELINUX_ELSA-2021-9220.NASL", "ORACLELINUX_ELSA-2021-9221.NASL", "ORACLELINUX_ELSA-2021-9458.NASL", "ORACLELINUX_ELSA-2021-9460.NASL", "ORACLELINUX_ELSA-2021-9470.NASL", "ORACLELINUX_ELSA-2021-9471.NASL", "ORACLELINUX_ELSA-2021-9485.NASL", "ORACLELINUX_ELSA-2021-9488.NASL", "ORACLELINUX_ELSA-2021-9564.NASL", "ORACLELINUX_ELSA-2021-9565.NASL", "ORACLELINUX_ELSA-2021-9621.NASL", "ORACLELINUX_ELSA-2021-9623.NASL", "ORACLELINUX_ELSA-2022-0063.NASL", "ORACLELINUX_ELSA-2022-0188.NASL", "ORACLELINUX_ELSA-2022-0620.NASL", "ORACLELINUX_ELSA-2022-0825.NASL", "ORACLELINUX_ELSA-2022-1198.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "ORACLELINUX_ELSA-2022-4642.NASL", "ORACLELINUX_ELSA-2022-7683.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9010.NASL", "ORACLELINUX_ELSA-2022-9011.NASL", "ORACLELINUX_ELSA-2022-9012.NASL", "ORACLELINUX_ELSA-2022-9013.NASL", "ORACLELINUX_ELSA-2022-9014.NASL", "ORACLELINUX_ELSA-2022-9088.NASL", "ORACLELINUX_ELSA-2022-9141.NASL", "ORACLELINUX_ELSA-2022-9142.NASL", "ORACLELINUX_ELSA-2022-9147.NASL", "ORACLELINUX_ELSA-2022-9148.NASL", "ORACLELINUX_ELSA-2022-9179.NASL", "ORACLELINUX_ELSA-2022-9180.NASL", "ORACLELINUX_ELSA-2022-9244.NASL", "ORACLELINUX_ELSA-2022-9245.NASL", "ORACLELINUX_ELSA-2022-9260.NASL", "ORACLELINUX_ELSA-2022-9273.NASL", "ORACLELINUX_ELSA-2022-9274.NASL", "ORACLELINUX_ELSA-2022-9313.NASL", "ORACLELINUX_ELSA-2022-9314.NASL", "ORACLELINUX_ELSA-2022-9348.NASL", "ORACLELINUX_ELSA-2022-9365.NASL", "ORACLELINUX_ELSA-2022-9368.NASL", "ORACLELINUX_ELSA-2022-9477.NASL", "ORACLELINUX_ELSA-2022-9478.NASL", "ORACLELINUX_ELSA-2022-9667.NASL", "ORACLELINUX_ELSA-2022-9781.NASL", "ORACLELINUX_ELSA-2022-9852.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLEVM_OVMSA-2022-0005.NASL", "ORACLEVM_OVMSA-2022-0007.NASL", "ORACLEVM_OVMSA-2022-0011.NASL", "ORACLEVM_OVMSA-2022-0014.NASL", "ORACLEVM_OVMSA-2022-0021.NASL", "ORACLEVM_OVMSA-2022-0026.NASL", "PHOTONOS_PHSA-2021-4_0-0126_LINUX.NASL", "REDHAT-RHSA-2020-2854.NASL", "REDHAT-RHSA-2020-4060.NASL", "REDHAT-RHSA-2020-4062.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-4140.NASL", "REDHAT-RHSA-2021-4356.NASL", "REDHAT-RHSA-2021-4646.NASL", "REDHAT-RHSA-2021-4647.NASL", "REDHAT-RHSA-2021-4648.NASL", "REDHAT-RHSA-2021-4650.NASL", "REDHAT-RHSA-2021-4871.NASL", "REDHAT-RHSA-2021-4875.NASL", "REDHAT-RHSA-2021-5227.NASL", "REDHAT-RHSA-2021-5241.NASL", "REDHAT-RHSA-2022-0063.NASL", "REDHAT-RHSA-2022-0065.NASL", "REDHAT-RHSA-2022-0072.NASL", "REDHAT-RHSA-2022-0078.NASL", "REDHAT-RHSA-2022-0176.NASL", "REDHAT-RHSA-2022-0186.NASL", "REDHAT-RHSA-2022-0187.NASL", "REDHAT-RHSA-2022-0188.NASL", "REDHAT-RHSA-2022-0231.NASL", "REDHAT-RHSA-2022-0232.NASL", "REDHAT-RHSA-2022-0335.NASL", "REDHAT-RHSA-2022-0344.NASL", "REDHAT-RHSA-2022-0529.NASL", "REDHAT-RHSA-2022-0530.NASL", "REDHAT-RHSA-2022-0531.NASL", "REDHAT-RHSA-2022-0533.NASL", "REDHAT-RHSA-2022-0540.NASL", "REDHAT-RHSA-2022-0590.NASL", "REDHAT-RHSA-2022-0592.NASL", "REDHAT-RHSA-2022-0620.NASL", "REDHAT-RHSA-2022-0622.NASL", "REDHAT-RHSA-2022-0629.NASL", "REDHAT-RHSA-2022-0636.NASL", "REDHAT-RHSA-2022-0712.NASL", "REDHAT-RHSA-2022-0718.NASL", "REDHAT-RHSA-2022-0771.NASL", "REDHAT-RHSA-2022-0772.NASL", "REDHAT-RHSA-2022-0777.NASL", "REDHAT-RHSA-2022-0819.NASL", "REDHAT-RHSA-2022-0820.NASL", "REDHAT-RHSA-2022-0821.NASL", "REDHAT-RHSA-2022-0823.NASL", "REDHAT-RHSA-2022-0825.NASL", "REDHAT-RHSA-2022-0841.NASL", "REDHAT-RHSA-2022-0849.NASL", "REDHAT-RHSA-2022-0851.NASL", "REDHAT-RHSA-2022-0925.NASL", "REDHAT-RHSA-2022-0958.NASL", "REDHAT-RHSA-2022-1103.NASL", "REDHAT-RHSA-2022-1104.NASL", "REDHAT-RHSA-2022-1106.NASL", "REDHAT-RHSA-2022-1107.NASL", "REDHAT-RHSA-2022-1185.NASL", "REDHAT-RHSA-2022-1186.NASL", "REDHAT-RHSA-2022-1198.NASL", "REDHAT-RHSA-2022-1199.NASL", "REDHAT-RHSA-2022-1209.NASL", "REDHAT-RHSA-2022-1213.NASL", "REDHAT-RHSA-2022-1263.NASL", "REDHAT-RHSA-2022-1324.NASL", "REDHAT-RHSA-2022-1373.NASL", "REDHAT-RHSA-2022-1413.NASL", "REDHAT-RHSA-2022-1417.NASL", "REDHAT-RHSA-2022-1418.NASL", "REDHAT-RHSA-2022-1455.NASL", "REDHAT-RHSA-2022-1589.NASL", "REDHAT-RHSA-2022-1619.NASL", "REDHAT-RHSA-2022-1975.NASL", "REDHAT-RHSA-2022-1988.NASL", "REDHAT-RHSA-2022-2186.NASL", "REDHAT-RHSA-2022-2189.NASL", "REDHAT-RHSA-2022-2211.NASL", "REDHAT-RHSA-2022-4642.NASL", "REDHAT-RHSA-2022-4644.NASL", "REDHAT-RHSA-2022-4655.NASL", "REDHAT-RHSA-2022-4717.NASL", "REDHAT-RHSA-2022-4721.NASL", "REDHAT-RHSA-2022-4829.NASL", "REDHAT-RHSA-2022-4835.NASL", "REDHAT-RHSA-2022-4896.NASL", "REDHAT-RHSA-2022-5157.NASL", "REDHAT-RHSA-2022-5626.NASL", "REDHAT-RHSA-2022-5633.NASL", "REDHAT-RHSA-2022-7444.NASL", "REDHAT-RHSA-2022-7683.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "ROCKY_LINUX_RLSA-2021-4140.NASL", "ROCKY_LINUX_RLSA-2021-4356.NASL", "ROCKY_LINUX_RLSA-2021-4646.NASL", "ROCKY_LINUX_RLSA-2021-4647.NASL", "ROCKY_LINUX_RLSA-2022-176.NASL", "ROCKY_LINUX_RLSA-2022-188.NASL", "ROCKY_LINUX_RLSA-2022-1975.NASL", "ROCKY_LINUX_RLSA-2022-1988.NASL", "ROCKY_LINUX_RLSA-2022-819.NASL", "ROCKY_LINUX_RLSA-2022-825.NASL", "SLACKWARE_SSA_2022-031-01.NASL", "SLACKWARE_SSA_2022-067-01.NASL", "SLACKWARE_SSA_2022-129-01.NASL", "SL_20201001_KERNEL_ON_SL7_X.NASL", "SL_20220114_KERNEL_ON_SL7_X.NASL", "SL_20220223_KERNEL_ON_SL7_X.NASL", "SL_20220406_KERNEL_ON_SL7_X.NASL", "SL_20220519_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0559-1.NASL", "SUSE_SU-2020-0560-1.NASL", "SUSE_SU-2020-0580-1.NASL", "SUSE_SU-2020-0584-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2021-0735-1.NASL", "SUSE_SU-2021-0736-1.NASL", "SUSE_SU-2021-0737-1.NASL", "SUSE_SU-2021-0740-1.NASL", "SUSE_SU-2021-0741-1.NASL", "SUSE_SU-2021-1175-1.NASL", "SUSE_SU-2021-1210-1.NASL", "SUSE_SU-2021-1211-1.NASL", "SUSE_SU-2021-1238-1.NASL", "SUSE_SU-2021-14724-1.NASL", "SUSE_SU-2021-14849-1.NASL", "SUSE_SU-2021-1572-1.NASL", "SUSE_SU-2021-1573-1.NASL", "SUSE_SU-2021-1595-1.NASL", "SUSE_SU-2021-1596-1.NASL", "SUSE_SU-2021-1617-1.NASL", "SUSE_SU-2021-1623-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-1865-1.NASL", "SUSE_SU-2021-1870-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL", "SUSE_SU-2021-2198-1.NASL", "SUSE_SU-2021-2577-1.NASL", "SUSE_SU-2021-3177-1.NASL", "SUSE_SU-2021-3178-1.NASL", "SUSE_SU-2021-3179-1.NASL", "SUSE_SU-2021-3192-1.NASL", "SUSE_SU-2021-3205-1.NASL", "SUSE_SU-2021-3206-1.NASL", "SUSE_SU-2021-3207-1.NASL", "SUSE_SU-2021-3217-1.NASL", "SUSE_SU-2021-3337-1.NASL", "SUSE_SU-2021-3338-1.NASL", "SUSE_SU-2021-3339-1.NASL", "SUSE_SU-2021-3360-1.NASL", "SUSE_SU-2021-3361-1.NASL", "SUSE_SU-2021-3371-1.NASL", "SUSE_SU-2021-3374-1.NASL", "SUSE_SU-2021-3386-1.NASL", "SUSE_SU-2021-3387-1.NASL", "SUSE_SU-2021-3388-1.NASL", "SUSE_SU-2021-3389-1.NASL", "SUSE_SU-2021-3401-1.NASL", "SUSE_SU-2021-3415-1.NASL", "SUSE_SU-2021-3440-1.NASL", "SUSE_SU-2021-3443-1.NASL", "SUSE_SU-2021-3447-1.NASL", "SUSE_SU-2021-3459-1.NASL", "SUSE_SU-2021-3640-1.NASL", "SUSE_SU-2021-3641-1.NASL", "SUSE_SU-2021-3642-1.NASL", "SUSE_SU-2021-3655-1.NASL", "SUSE_SU-2021-3658-1.NASL", "SUSE_SU-2021-3675-1.NASL", "SUSE_SU-2021-3684-1.NASL", "SUSE_SU-2021-3692-1.NASL", "SUSE_SU-2021-3710-1.NASL", "SUSE_SU-2021-3712-1.NASL", "SUSE_SU-2021-3718-1.NASL", "SUSE_SU-2021-3723-1.NASL", "SUSE_SU-2021-3735-1.NASL", "SUSE_SU-2021-3737-1.NASL", "SUSE_SU-2021-3738-1.NASL", "SUSE_SU-2021-3742-1.NASL", "SUSE_SU-2021-3743-1.NASL", "SUSE_SU-2021-3748-1.NASL", "SUSE_SU-2021-3751-1.NASL", "SUSE_SU-2021-3754-1.NASL", "SUSE_SU-2021-3806-1.NASL", "SUSE_SU-2021-3807-1.NASL", "SUSE_SU-2021-3848-1.NASL", "SUSE_SU-2021-3876-1.NASL", "SUSE_SU-2021-3877-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3933-1.NASL", "SUSE_SU-2021-3935-1.NASL", "SUSE_SU-2021-3941-1.NASL", "SUSE_SU-2021-3969-1.NASL", "SUSE_SU-2021-3972-1.NASL", "SUSE_SU-2021-3978-1.NASL", "SUSE_SU-2021-3979-1.NASL", "SUSE_SU-2021-3992-1.NASL", "SUSE_SU-2021-4021-1.NASL", "SUSE_SU-2021-4038-1.NASL", "SUSE_SU-2021-4057-1.NASL", "SUSE_SU-2021-4075-1.NASL", "SUSE_SU-2021-4090-1.NASL", "SUSE_SU-2021-4099-1.NASL", "SUSE_SU-2022-0056-1.NASL", "SUSE_SU-2022-0068-1.NASL", "SUSE_SU-2022-0079-1.NASL", "SUSE_SU-2022-0080-1.NASL", "SUSE_SU-2022-0090-1.NASL", "SUSE_SU-2022-0131-1.NASL", "SUSE_SU-2022-0169-1.NASL", "SUSE_SU-2022-0181-1.NASL", "SUSE_SU-2022-0197-1.NASL", "SUSE_SU-2022-0198-1.NASL", "SUSE_SU-2022-0234-1.NASL", "SUSE_SU-2022-0237-1.NASL", "SUSE_SU-2022-0238-1.NASL", "SUSE_SU-2022-0241-1.NASL", "SUSE_SU-2022-0242-1.NASL", "SUSE_SU-2022-0243-1.NASL", "SUSE_SU-2022-0246-1.NASL", "SUSE_SU-2022-0254-1.NASL", "SUSE_SU-2022-0255-1.NASL", "SUSE_SU-2022-0257-1.NASL", "SUSE_SU-2022-0263-1.NASL", "SUSE_SU-2022-0267-1.NASL", "SUSE_SU-2022-0270-1.NASL", "SUSE_SU-2022-0288-1.NASL", "SUSE_SU-2022-0289-1.NASL", "SUSE_SU-2022-0291-1.NASL", "SUSE_SU-2022-0292-1.NASL", "SUSE_SU-2022-0293-1.NASL", "SUSE_SU-2022-0295-1.NASL", "SUSE_SU-2022-0296-1.NASL", "SUSE_SU-2022-0298-1.NASL", "SUSE_SU-2022-0325-1.NASL", "SUSE_SU-2022-0327-1.NASL", "SUSE_SU-2022-0328-1.NASL", "SUSE_SU-2022-0362-1.NASL", "SUSE_SU-2022-0363-1.NASL", "SUSE_SU-2022-0364-1.NASL", "SUSE_SU-2022-0365-1.NASL", "SUSE_SU-2022-0366-1.NASL", "SUSE_SU-2022-0367-1.NASL", "SUSE_SU-2022-0370-1.NASL", "SUSE_SU-2022-0371-1.NASL", "SUSE_SU-2022-0372-1.NASL", "SUSE_SU-2022-0418-1.NASL", "SUSE_SU-2022-0429-1.NASL", "SUSE_SU-2022-0436-1.NASL", "SUSE_SU-2022-0463-1.NASL", "SUSE_SU-2022-0477-1.NASL", "SUSE_SU-2022-0543-1.NASL", "SUSE_SU-2022-0544-1.NASL", "SUSE_SU-2022-0552-1.NASL", "SUSE_SU-2022-0555-1.NASL", "SUSE_SU-2022-0619-1.NASL", "SUSE_SU-2022-0660-1.NASL", "SUSE_SU-2022-0755-1.NASL", "SUSE_SU-2022-0756-1.NASL", "SUSE_SU-2022-0757-1.NASL", "SUSE_SU-2022-0759-1.NASL", "SUSE_SU-2022-0760-1.NASL", "SUSE_SU-2022-0761-1.NASL", "SUSE_SU-2022-0762-1.NASL", "SUSE_SU-2022-0763-1.NASL", "SUSE_SU-2022-0764-1.NASL", "SUSE_SU-2022-0765-1.NASL", "SUSE_SU-2022-0766-1.NASL", "SUSE_SU-2022-0767-1.NASL", "SUSE_SU-2022-0768-1.NASL", "SUSE_SU-2022-0931-1.NASL", "SUSE_SU-2022-0939-1.NASL", "SUSE_SU-2022-0940-1.NASL", "SUSE_SU-2022-0978-1.NASL", "SUSE_SU-2022-0984-1.NASL", "SUSE_SU-2022-0991-1.NASL", "SUSE_SU-2022-0998-1.NASL", "SUSE_SU-2022-1012-1.NASL", "SUSE_SU-2022-1035-1.NASL", "SUSE_SU-2022-1036-1.NASL", "SUSE_SU-2022-1037-1.NASL", "SUSE_SU-2022-1038-1.NASL", "SUSE_SU-2022-1039-1.NASL", "SUSE_SU-2022-1163-1.NASL", "SUSE_SU-2022-1172-1.NASL", "SUSE_SU-2022-1189-1.NASL", "SUSE_SU-2022-1193-1.NASL", "SUSE_SU-2022-1194-1.NASL", "SUSE_SU-2022-1196-1.NASL", "SUSE_SU-2022-1197-1.NASL", "SUSE_SU-2022-1212-1.NASL", "SUSE_SU-2022-1223-1.NASL", "SUSE_SU-2022-1224-1.NASL", "SUSE_SU-2022-1242-1.NASL", "SUSE_SU-2022-1246-1.NASL", "SUSE_SU-2022-1255-1.NASL", "SUSE_SU-2022-1256-1.NASL", "SUSE_SU-2022-1257-1.NASL", "SUSE_SU-2022-1266-1.NASL", "SUSE_SU-2022-1267-1.NASL", "SUSE_SU-2022-1269-1.NASL", "SUSE_SU-2022-1278-1.NASL", "SUSE_SU-2022-1285-1.NASL", "SUSE_SU-2022-1300-1.NASL", "SUSE_SU-2022-1318-1.NASL", "SUSE_SU-2022-1320-1.NASL", "SUSE_SU-2022-1329-1.NASL", "SUSE_SU-2022-1359-1.NASL", "SUSE_SU-2022-1375-1.NASL", "SUSE_SU-2022-1402-1.NASL", "SUSE_SU-2022-1408-1.NASL", "SUSE_SU-2022-1440-1.NASL", "SUSE_SU-2022-1486-1.NASL", "SUSE_SU-2022-14905-1.NASL", "SUSE_SU-2022-1569-1.NASL", "SUSE_SU-2022-1573-1.NASL", "SUSE_SU-2022-1575-1.NASL", "SUSE_SU-2022-1580-1.NASL", "SUSE_SU-2022-1589-1.NASL", "SUSE_SU-2022-1591-1.NASL", "SUSE_SU-2022-1593-1.NASL", "SUSE_SU-2022-1598-1.NASL", "SUSE_SU-2022-1605-1.NASL", "SUSE_SU-2022-1634-1.NASL", "SUSE_SU-2022-1637-1.NASL", "SUSE_SU-2022-1640-1.NASL", "SUSE_SU-2022-1641-1.NASL", "SUSE_SU-2022-1651-1.NASL", "SUSE_SU-2022-1668-1.NASL", "SUSE_SU-2022-1669-1.NASL", "SUSE_SU-2022-1676-1.NASL", "SUSE_SU-2022-1686-1.NASL", "SUSE_SU-2022-1687-1.NASL", "SUSE_SU-2022-1989-1.NASL", "SUSE_SU-2022-2077-1.NASL", "SUSE_SU-2022-2079-1.NASL", "SUSE_SU-2022-2080-1.NASL", "SUSE_SU-2022-2082-1.NASL", "SUSE_SU-2022-2083-1.NASL", "SUSE_SU-2022-2103-1.NASL", "SUSE_SU-2022-2104-1.NASL", "SUSE_SU-2022-2111-1.NASL", "SUSE_SU-2022-2237-1.NASL", "SUSE_SU-2022-2268-1.NASL", "SUSE_SU-2022-2285-1.NASL", "SUSE_SU-2022-2515-1.NASL", "SUSE_SU-2022-2516-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2721-1.NASL", "SUSE_SU-2022-2761-1.NASL", "SUSE_SU-2022-2840-1.NASL", "SUSE_SU-2022-3072-1.NASL", "SUSE_SU-2022-3123-1.NASL", "SUSE_SU-2022-3264-1.NASL", "SUSE_SU-2022-3265-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-3282-1.NASL", "SUSE_SU-2022-3291-1.NASL", "SUSE_SU-2022-3408-1.NASL", "SUSE_SU-2022-3411-1.NASL", "SUSE_SU-2022-3415-1.NASL", "SUSE_SU-2022-3422-1.NASL", "SUSE_SU-2022-3450-1.NASL", "SUSE_SU-2022-3465-1.NASL", "SUSE_SU-2022-3607-1.NASL", "SUSE_SU-2022-3609-1.NASL", "SUSE_SU-2022-3809-1.NASL", "SUSE_SU-2022-4036-1.NASL", "SUSE_SU-2022-4038-1.NASL", "SUSE_SU-2022-4542-1.NASL", "SUSE_SU-2023-0634-1.NASL", "SUSE_SU-2023-0747-1.NASL", "SUSE_SU-2023-0768-1.NASL", "SUSE_SU-2023-0852-1.NASL", "SUSE_SU-2023-1848-1.NASL", "SUSE_SU-2023-2232-1.NASL", "UBUNTU_USN-4525-1.NASL", "UBUNTU_USN-4526-1.NASL", "UBUNTU_USN-4748-1.NASL", "UBUNTU_USN-4749-1.NASL", "UBUNTU_USN-4911-1.NASL", "UBUNTU_USN-4982-1.NASL", "UBUNTU_USN-4984-1.NASL", "UBUNTU_USN-5136-1.NASL", "UBUNTU_USN-5139-1.NASL", "UBUNTU_USN-5140-1.NASL", "UBUNTU_USN-5161-1.NASL", "UBUNTU_USN-5162-1.NASL", "UBUNTU_USN-5163-1.NASL", "UBUNTU_USN-5164-1.NASL", "UBUNTU_USN-5165-1.NASL", "UBUNTU_USN-5206-1.NASL", "UBUNTU_USN-5207-1.NASL", "UBUNTU_USN-5208-1.NASL", "UBUNTU_USN-5209-1.NASL", "UBUNTU_USN-5210-1.NASL", "UBUNTU_USN-5211-1.NASL", "UBUNTU_USN-5218-1.NASL", "UBUNTU_USN-5265-1.NASL", "UBUNTU_USN-5266-1.NASL", "UBUNTU_USN-5267-1.NASL", "UBUNTU_USN-5267-3.NASL", "UBUNTU_USN-5268-1.NASL", "UBUNTU_USN-5278-1.NASL", "UBUNTU_USN-5294-1.NASL", "UBUNTU_USN-5294-2.NASL", "UBUNTU_USN-5295-1.NASL", "UBUNTU_USN-5295-2.NASL", "UBUNTU_USN-5297-1.NASL", "UBUNTU_USN-5298-1.NASL", "UBUNTU_USN-5302-1.NASL", "UBUNTU_USN-5317-1.NASL", "UBUNTU_USN-5318-1.NASL", "UBUNTU_USN-5319-1.NASL", "UBUNTU_USN-5337-1.NASL", "UBUNTU_USN-5338-1.NASL", "UBUNTU_USN-5339-1.NASL", "UBUNTU_USN-5343-1.NASL", "UBUNTU_USN-5361-1.NASL", "UBUNTU_USN-5362-1.NASL", "UBUNTU_USN-5368-1.NASL", "UBUNTU_USN-5377-1.NASL", "UBUNTU_USN-5383-1.NASL", "UBUNTU_USN-5384-1.NASL", "UBUNTU_USN-5385-1.NASL", "UBUNTU_USN-5413-1.NASL", "UBUNTU_USN-5415-1.NASL", "UBUNTU_USN-5417-1.NASL", "UBUNTU_USN-5418-1.NASL", "UBUNTU_USN-5466-1.NASL", "UBUNTU_USN-5467-1.NASL", "UBUNTU_USN-5500-1.NASL", "UBUNTU_USN-5505-1.NASL", "UBUNTU_USN-5540-1.NASL", "UBUNTU_USN-5884-1.NASL", "UBUNTU_USN-5926-1.NASL", "UBUNTU_USN-6001-1.NASL", "UBUNTU_USN-6014-1.NASL", "UBUNTU_USN-6221-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310853070", "OPENVAS:1361412562310877070", "OPENVAS:1361412562310877132", "OPENVAS:1361412562310877136", "OPENVAS:1361412562310877358", "OPENVAS:1361412562310877370", "OPENVAS:1361412562310877476", "OPENVAS:1361412562310877479", "OPENVAS:1361412562310877533", "OPENVAS:1361412562310877540", "OPENVAS:1361412562310877541", "OPENVAS:1361412562310877952", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201197"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2023", "ORACLE:CPUJUL2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4060", "ELSA-2020-4431", "ELSA-2021-1578", "ELSA-2021-4356", "ELSA-2021-4647", "ELSA-2021-5227", "ELSA-2021-9220", "ELSA-2021-9221", "ELSA-2021-9458", "ELSA-2021-9460", "ELSA-2021-9470", "ELSA-2021-9471", "ELSA-2021-9485", "ELSA-2021-9488", "ELSA-2021-9564", "ELSA-2021-9565", "ELSA-2021-9621", "ELSA-2021-9623", "ELSA-2022-0063", "ELSA-2022-0188", "ELSA-2022-0620", "ELSA-2022-0825", "ELSA-2022-1198", "ELSA-2022-1988", "ELSA-2022-4642", "ELSA-2022-7683", "ELSA-2022-8267", "ELSA-2022-9010", "ELSA-2022-9011", "ELSA-2022-9012", "ELSA-2022-9013", "ELSA-2022-9014", "ELSA-2022-9088", "ELSA-2022-9141", "ELSA-2022-9142", "ELSA-2022-9147", "ELSA-2022-9148", "ELSA-2022-9179", "ELSA-2022-9180", "ELSA-2022-9244", "ELSA-2022-9245", "ELSA-2022-9260", "ELSA-2022-9273", "ELSA-2022-9274", "ELSA-2022-9313", "ELSA-2022-9314", "ELSA-2022-9348", "ELSA-2022-9365", "ELSA-2022-9368", "ELSA-2022-9477", "ELSA-2022-9478", "ELSA-2022-9667", "ELSA-2022-9781", "ELSA-2022-9852", "ELSA-2022-9969"]}, {"type": "osv", "idList": ["OSV:ASB-A-162326603", "OSV:ASB-A-185125206", "OSV:DLA-2689-1", "OSV:DLA-2690-1", "OSV:DLA-2843-1", "OSV:DLA-2940-1", "OSV:DLA-2941-1", "OSV:DLA-3065-1", "OSV:DSA-5050-1", "OSV:DSA-5092-1", "OSV:DSA-5095-1", "OSV:DSA-5096-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:170833"]}, {"type": "photon", "idList": ["PHSA-2021-0126", "PHSA-2021-0138", "PHSA-2021-0449", "PHSA-2021-0461", "PHSA-2021-1.0-0448", "PHSA-2021-3.0-0234", "PHSA-2021-3.0-0325", "PHSA-2021-3.0-0336", "PHSA-2021-3.0-0341", "PHSA-2021-4.0-0126", "PHSA-2021-4.0-0138", "PHSA-2022-0145", "PHSA-2022-0146", "PHSA-2022-0148", "PHSA-2022-0151", "PHSA-2022-0152", "PHSA-2022-0341", "PHSA-2022-0350", "PHSA-2022-0351", "PHSA-2022-0356", "PHSA-2022-0361", "PHSA-2022-0393", "PHSA-2022-0429", "PHSA-2022-0432", "PHSA-2022-0433", "PHSA-2022-0440", "PHSA-2022-0460", "PHSA-2022-0463", "PHSA-2022-0464", "PHSA-2022-0469", "PHSA-2022-0499", "PHSA-2022-3.0-0350", "PHSA-2022-3.0-0351", "PHSA-2022-3.0-0356", "PHSA-2022-3.0-0361", "PHSA-2022-3.0-0362", "PHSA-2022-3.0-0370", "PHSA-2022-3.0-0393", "PHSA-2022-4.0-0145", "PHSA-2022-4.0-0146", "PHSA-2022-4.0-0148", "PHSA-2022-4.0-0151", "PHSA-2022-4.0-0152", "PHSA-2022-4.0-0160", "PHSA-2022-4.0-0183"]}, {"type": "prion", "idList": ["PRION:CVE-2019-18808", "PRION:CVE-2020-29374", "PRION:CVE-2020-36322", "PRION:CVE-2021-20317", "PRION:CVE-2021-20321", "PRION:CVE-2021-20322", "PRION:CVE-2021-22600", "PRION:CVE-2021-28711", "PRION:CVE-2021-28712", "PRION:CVE-2021-28713", "PRION:CVE-2021-28714", "PRION:CVE-2021-28715", "PRION:CVE-2021-28950", "PRION:CVE-2021-3640", "PRION:CVE-2021-3744", "PRION:CVE-2021-3752", "PRION:CVE-2021-3760", "PRION:CVE-2021-3764", "PRION:CVE-2021-3772", "PRION:CVE-2021-38300", "PRION:CVE-2021-39685", "PRION:CVE-2021-39686", "PRION:CVE-2021-39698", "PRION:CVE-2021-39713", "PRION:CVE-2021-4002", "PRION:CVE-2021-4083", "PRION:CVE-2021-4135", "PRION:CVE-2021-4155", "PRION:CVE-2021-41864", "PRION:CVE-2021-4202", "PRION:CVE-2021-4203", "PRION:CVE-2021-42739", "PRION:CVE-2021-43389", "PRION:CVE-2021-43975", "PRION:CVE-2021-43976", "PRION:CVE-2021-44733", "PRION:CVE-2021-45095", "PRION:CVE-2021-45469", "PRION:CVE-2021-45480", "PRION:CVE-2022-0001", "PRION:CVE-2022-0002", "PRION:CVE-2022-0322", "PRION:CVE-2022-0330", "PRION:CVE-2022-0435", "PRION:CVE-2022-0487", "PRION:CVE-2022-0492", "PRION:CVE-2022-0617", "PRION:CVE-2022-24448", "PRION:CVE-2022-24959", "PRION:CVE-2022-25258", "PRION:CVE-2022-25375"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B1D4F0D015EADEF37B64DFDBD7A05342"]}, {"type": "redhat", "idList": ["RHSA-2020:2854", "RHSA-2020:4060", "RHSA-2020:4062", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:1578", "RHSA-2021:2121", "RHSA-2021:2136", "RHSA-2021:4140", "RHSA-2021:4356", "RHSA-2021:4627", "RHSA-2021:4646", "RHSA-2021:4647", "RHSA-2021:4648", "RHSA-2021:4650", "RHSA-2021:4871", "RHSA-2021:4875", "RHSA-2021:4914", "RHSA-2021:5038", "RHSA-2021:5127", "RHSA-2021:5129", "RHSA-2021:5137", "RHSA-2021:5227", "RHSA-2021:5241", "RHSA-2022:0042", "RHSA-2022:0043", "RHSA-2022:0047", "RHSA-2022:0063", "RHSA-2022:0065", "RHSA-2022:0072", "RHSA-2022:0078", "RHSA-2022:0176", "RHSA-2022:0181", "RHSA-2022:0186", "RHSA-2022:0187", "RHSA-2022:0188", "RHSA-2022:0202", "RHSA-2022:0231", "RHSA-2022:0232", "RHSA-2022:0236", "RHSA-2022:0283", "RHSA-2022:0335", "RHSA-2022:0344", "RHSA-2022:0529", "RHSA-2022:0530", "RHSA-2022:0531", "RHSA-2022:0533", "RHSA-2022:0540", "RHSA-2022:0590", "RHSA-2022:0592", "RHSA-2022:0595", "RHSA-2022:0620", "RHSA-2022:0622", "RHSA-2022:0629", "RHSA-2022:0636", "RHSA-2022:0712", "RHSA-2022:0718", "RHSA-2022:0735", "RHSA-2022:0771", "RHSA-2022:0772", "RHSA-2022:0777", "RHSA-2022:0819", "RHSA-2022:0820", "RHSA-2022:0821", "RHSA-2022:0823", "RHSA-2022:0825", "RHSA-2022:0841", "RHSA-2022:0849", "RHSA-2022:0851", "RHSA-2022:0856", "RHSA-2022:0925", "RHSA-2022:0958", "RHSA-2022:1083", "RHSA-2022:1103", "RHSA-2022:1104", "RHSA-2022:1106", "RHSA-2022:1107", "RHSA-2022:1185", "RHSA-2022:1186", "RHSA-2022:1198", "RHSA-2022:1199", "RHSA-2022:1209", "RHSA-2022:1213", "RHSA-2022:1263", "RHSA-2022:1324", "RHSA-2022:1373", "RHSA-2022:1396", "RHSA-2022:1413", "RHSA-2022:1417", "RHSA-2022:1418", "RHSA-2022:1455", "RHSA-2022:1476", "RHSA-2022:1589", "RHSA-2022:1619", "RHSA-2022:1622", "RHSA-2022:1699", "RHSA-2022:1715", "RHSA-2022:1975", "RHSA-2022:1988", "RHSA-2022:2186", "RHSA-2022:2189", "RHSA-2022:2211", "RHSA-2022:4642", "RHSA-2022:4644", "RHSA-2022:4655", "RHSA-2022:4717", "RHSA-2022:4721", "RHSA-2022:4814", "RHSA-2022:4829", "RHSA-2022:4835", "RHSA-2022:4896", "RHSA-2022:4956", "RHSA-2022:5157", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:5483", "RHSA-2022:5626", "RHSA-2022:5633", "RHSA-2022:5730", "RHSA-2022:5879", "RHSA-2022:6053", "RHSA-2022:7444", "RHSA-2022:7683", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8781", "RHSA-2022:8889", "RHSA-2022:9040"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-18808", "RH:CVE-2020-29374", "RH:CVE-2020-36322", "RH:CVE-2021-0920", "RH:CVE-2021-20317", "RH:CVE-2021-20321", "RH:CVE-2021-20322", "RH:CVE-2021-22600", "RH:CVE-2021-28711", "RH:CVE-2021-28712", "RH:CVE-2021-28713", "RH:CVE-2021-28714", "RH:CVE-2021-28950", "RH:CVE-2021-3640", "RH:CVE-2021-3744", "RH:CVE-2021-3752", "RH:CVE-2021-3760", "RH:CVE-2021-3764", "RH:CVE-2021-3772", "RH:CVE-2021-38300", "RH:CVE-2021-3894", "RH:CVE-2021-39685", "RH:CVE-2021-39686", "RH:CVE-2021-39698", "RH:CVE-2021-39713", "RH:CVE-2021-4002", "RH:CVE-2021-4083", "RH:CVE-2021-4135", "RH:CVE-2021-4155", "RH:CVE-2021-41864", "RH:CVE-2021-4202", "RH:CVE-2021-4203", "RH:CVE-2021-42739", "RH:CVE-2021-43389", "RH:CVE-2021-43975", "RH:CVE-2021-43976", "RH:CVE-2021-44733", "RH:CVE-2021-45095", "RH:CVE-2021-45469", "RH:CVE-2021-45480", "RH:CVE-2022-0001", "RH:CVE-2022-0002", "RH:CVE-2022-0322", "RH:CVE-2022-0330", "RH:CVE-2022-0435", "RH:CVE-2022-0487", "RH:CVE-2022-0492", "RH:CVE-2022-0617", "RH:CVE-2022-0644", "RH:CVE-2022-22942", "RH:CVE-2022-24448", "RH:CVE-2022-24959", "RH:CVE-2022-25258", "RH:CVE-2022-25375"]}, {"type": "redos", "idList": ["ROS-20220324-01", "ROS-20220413-01", "ROS-20220919-01"]}, {"type": "rocky", "idList": ["RLSA-2021:4140", "RLSA-2021:4356", "RLSA-2021:4646", "RLSA-2021:4647", "RLSA-2021:5227", "RLSA-2021:5241", "RLSA-2022:0176", "RLSA-2022:0188", "RLSA-2022:0819", "RLSA-2022:0825", "RLSA-2022:176", "RLSA-2022:188", "RLSA-2022:1975", "RLSA-2022:1988", "RLSA-2022:7444", "RLSA-2022:7683", "RLSA-2022:819", "RLSA-2022:825"]}, {"type": "slackware", "idList": ["SSA-2022-031-01", "SSA-2022-067-01", "SSA-2022-129-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0336-1", "OPENSUSE-SU-2021:0393-1", "OPENSUSE-SU-2021:0579-1", "OPENSUSE-SU-2021:0758-1", "OPENSUSE-SU-2021:1271-1", "OPENSUSE-SU-2021:1357-1", "OPENSUSE-SU-2021:1365-1", "OPENSUSE-SU-2021:1460-1", "OPENSUSE-SU-2021:1477-1", "OPENSUSE-SU-2021:1501-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1", "OPENSUSE-SU-2021:3179-1", "OPENSUSE-SU-2021:3205-1", "OPENSUSE-SU-2021:3338-1", "OPENSUSE-SU-2021:3387-1", "OPENSUSE-SU-2021:3447-1", "OPENSUSE-SU-2021:3641-1", "OPENSUSE-SU-2021:3655-1", "OPENSUSE-SU-2021:3675-1", "OPENSUSE-SU-2021:3806-1", "OPENSUSE-SU-2021:3876-1", "OPENSUSE-SU-2021:3941-1", "OPENSUSE-SU-2022:0056-1", "OPENSUSE-SU-2022:0131-1", "OPENSUSE-SU-2022:0169-1", "OPENSUSE-SU-2022:0198-1", "OPENSUSE-SU-2022:0363-1", "OPENSUSE-SU-2022:0366-1", "OPENSUSE-SU-2022:0370-1", "OPENSUSE-SU-2022:0755-1", "OPENSUSE-SU-2022:0760-1", "OPENSUSE-SU-2022:0768-1", "OPENSUSE-SU-2022:0940-1", "OPENSUSE-SU-2022:1037-1", "OPENSUSE-SU-2022:1039-1", "SUSE-SU-2022:1163-1", "SUSE-SU-2022:1256-1", "SUSE-SU-2022:1676-1", "SUSE-SU-2022:1687-1", "SUSE-SU-2022:2079-1", "SUSE-SU-2022:2111-1", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2615-1", "SUSE-SU-2022:3264-1", "SUSE-SU-2022:3408-1", "SUSE-SU-2022:3609-1", "SUSE-SU-2022:3809-1"]}, {"type": "thn", "idList": ["THN:B3B3DCC2A63D28F471BD0B6A3E2BD325", "THN:D83BCA7444B07BB4964502B0F216E095"]}, {"type": "threatpost", "idList": ["THREATPOST:1A553B57472BB0EB8D69F573B510FDE6"]}, {"type": "trellix", "idList": ["TRELLIX:39F2C513984A5BB7A3E14C8FB15CED7C"]}, {"type": "ubuntu", "idList": ["LSN-0083-1", "LSN-0085-1", "LSN-0086-1", "USN-4525-1", "USN-4526-1", "USN-4748-1", "USN-4749-1", "USN-4911-1", "USN-4982-1", "USN-4984-1", "USN-5136-1", "USN-5139-1", "USN-5140-1", "USN-5161-1", "USN-5162-1", "USN-5163-1", "USN-5164-1", "USN-5165-1", "USN-5206-1", "USN-5207-1", "USN-5208-1", "USN-5209-1", "USN-5210-1", "USN-5210-2", "USN-5211-1", "USN-5218-1", "USN-5265-1", "USN-5266-1", "USN-5267-1", "USN-5267-2", "USN-5267-3", "USN-5268-1", "USN-5278-1", "USN-5294-1", "USN-5294-2", "USN-5295-1", "USN-5295-2", "USN-5297-1", "USN-5298-1", "USN-5302-1", "USN-5317-1", "USN-5318-1", "USN-5319-1", "USN-5337-1", "USN-5338-1", "USN-5339-1", "USN-5343-1", "USN-5361-1", "USN-5362-1", "USN-5368-1", "USN-5377-1", "USN-5383-1", "USN-5384-1", "USN-5385-1", "USN-5413-1", "USN-5415-1", "USN-5417-1", "USN-5418-1", "USN-5466-1", "USN-5467-1", "USN-5484-1", "USN-5500-1", "USN-5505-1", "USN-5513-1", "USN-5540-1", "USN-5884-1", "USN-5926-1", "USN-6001-1", "USN-6013-1", "USN-6014-1", "USN-6221-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-18808", "UB:CVE-2020-29374", "UB:CVE-2020-36322", "UB:CVE-2021-20317", "UB:CVE-2021-20321", "UB:CVE-2021-20322", "UB:CVE-2021-22600", "UB:CVE-2021-28711", "UB:CVE-2021-28712", "UB:CVE-2021-28713", "UB:CVE-2021-28714", "UB:CVE-2021-28715", "UB:CVE-2021-28950", "UB:CVE-2021-3640", "UB:CVE-2021-3744", "UB:CVE-2021-3752", "UB:CVE-2021-3760", "UB:CVE-2021-3764", "UB:CVE-2021-3772", "UB:CVE-2021-38300", "UB:CVE-2021-3894", "UB:CVE-2021-39685", "UB:CVE-2021-39686", "UB:CVE-2021-39698", "UB:CVE-2021-39713", "UB:CVE-2021-4002", "UB:CVE-2021-4083", "UB:CVE-2021-4135", "UB:CVE-2021-4155", "UB:CVE-2021-41864", "UB:CVE-2021-4202", "UB:CVE-2021-4203", "UB:CVE-2021-42739", "UB:CVE-2021-43389", "UB:CVE-2021-43975", "UB:CVE-2021-43976", "UB:CVE-2021-44733", "UB:CVE-2021-45095", "UB:CVE-2021-45469", "UB:CVE-2021-45480", "UB:CVE-2022-0001", "UB:CVE-2022-0002", "UB:CVE-2022-0322", "UB:CVE-2022-0330", "UB:CVE-2022-0435", "UB:CVE-2022-0487", "UB:CVE-2022-0492", "UB:CVE-2022-0617", "UB:CVE-2022-0644", "UB:CVE-2022-20009", "UB:CVE-2022-22942", "UB:CVE-2022-24448", "UB:CVE-2022-24959", "UB:CVE-2022-25258", "UB:CVE-2022-25375"]}, {"type": "veracode", "idList": ["VERACODE:27232", "VERACODE:30595", "VERACODE:30841", "VERACODE:33126", "VERACODE:33430", "VERACODE:33467", "VERACODE:33468", "VERACODE:33647", "VERACODE:33692", "VERACODE:33693", "VERACODE:33700", "VERACODE:33776", "VERACODE:33902", "VERACODE:33961", "VERACODE:34087", "VERACODE:34088", "VERACODE:34091", "VERACODE:34347", "VERACODE:34348", "VERACODE:34349", "VERACODE:34350", "VERACODE:34616", "VERACODE:34843", "VERACODE:34844", "VERACODE:34848", "VERACODE:34849", "VERACODE:34850", "VERACODE:34852", "VERACODE:35279", "VERACODE:35280", "VERACODE:35281", "VERACODE:35282", "VERACODE:35283", "VERACODE:35529", "VERACODE:35988"]}, {"type": "virtuozzo", "idList": ["VZA-2021-063", "VZA-2022-001", "VZA-2022-014", "VZA-2022-015", "VZA-2022-027", "VZA-2023-015", "VZA-2023-018", "VZA-2023-024", "VZA-2023-027"]}, {"type": "xen", "idList": ["XSA-391", "XSA-392", "XSA-398"]}, {"type": "zdt", "idList": ["1337DAY-ID-38179"]}]}, "score": {"value": 9.2, "uncertanity": 0.2, "vector": "NONE"}, "epss": [{"cve": "CVE-2019-18808", "epss": 0.00045, "percentile": 0.12116, "modified": "2023-05-01"}, {"cve": "CVE-2020-29374", "epss": 0.00056, "percentile": 0.21241, "modified": "2023-05-01"}, {"cve": "CVE-2020-36322", "epss": 0.00045, "percentile": 0.12116, "modified": "2023-05-01"}, {"cve": "CVE-2021-20317", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-20321", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-20322", "epss": 0.00227, "percentile": 0.59432, "modified": "2023-05-02"}, {"cve": "CVE-2021-22600", "epss": 0.00063, "percentile": 0.24811, "modified": "2023-05-02"}, {"cve": "CVE-2021-28711", "epss": 0.00045, "percentile": 0.12121, "modified": "2023-05-02"}, {"cve": "CVE-2021-28712", "epss": 0.00045, "percentile": 0.12121, "modified": "2023-05-02"}, {"cve": "CVE-2021-28713", "epss": 0.00045, "percentile": 0.12121, "modified": "2023-05-02"}, {"cve": "CVE-2021-28714", "epss": 0.00045, "percentile": 0.12121, "modified": "2023-05-02"}, {"cve": "CVE-2021-28715", "epss": 0.00045, "percentile": 0.12121, "modified": "2023-05-02"}, {"cve": "CVE-2021-28950", "epss": 0.00045, "percentile": 0.12116, "modified": "2023-05-01"}, {"cve": "CVE-2021-3640", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2021-3744", "epss": 0.00043, "percentile": 0.07823, "modified": "2023-05-02"}, {"cve": "CVE-2021-3752", "epss": 0.00097, "percentile": 0.39346, "modified": "2023-05-02"}, {"cve": "CVE-2021-3760", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-3764", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-3772", "epss": 0.00139, "percentile": 0.4805, "modified": "2023-05-02"}, {"cve": "CVE-2021-38300", "epss": 0.00061, "percentile": 0.23702, "modified": "2023-05-02"}, {"cve": "CVE-2021-39685", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-39686", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-39698", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-39713", "epss": 0.0005, "percentile": 0.16424, "modified": "2023-05-02"}, {"cve": "CVE-2021-4002", "epss": 0.00043, "percentile": 0.07823, "modified": "2023-05-02"}, {"cve": "CVE-2021-4083", "epss": 0.00043, "percentile": 0.07862, "modified": "2023-05-02"}, {"cve": "CVE-2021-4135", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-4155", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2021-41864", "epss": 0.00045, "percentile": 0.12121, "modified": "2023-05-02"}, {"cve": "CVE-2021-4202", "epss": 0.00043, "percentile": 0.07892, "modified": "2023-05-02"}, {"cve": "CVE-2021-4203", "epss": 0.00097, "percentile": 0.3931, "modified": "2023-05-02"}, {"cve": "CVE-2021-42739", "epss": 0.00043, "percentile": 0.07823, "modified": "2023-05-02"}, {"cve": "CVE-2021-43389", "epss": 0.00045, "percentile": 0.12522, "modified": "2023-05-02"}, {"cve": "CVE-2021-43975", "epss": 0.00047, "percentile": 0.14387, "modified": "2023-05-02"}, {"cve": "CVE-2021-43976", "epss": 0.00096, "percentile": 0.389, "modified": "2023-05-02"}, {"cve": "CVE-2021-44733", "epss": 0.00043, "percentile": 0.07848, "modified": "2023-05-02"}, {"cve": "CVE-2021-45095", "epss": 0.00048, "percentile": 0.14639, "modified": "2023-05-02"}, {"cve": "CVE-2021-45469", "epss": 0.00047, "percentile": 0.14387, "modified": "2023-05-02"}, {"cve": "CVE-2021-45480", "epss": 0.00045, "percentile": 0.12121, "modified": "2023-05-02"}, {"cve": "CVE-2022-0001", "epss": 0.00046, "percentile": 0.12892, "modified": "2023-05-02"}, {"cve": "CVE-2022-0002", "epss": 0.00046, "percentile": 0.12892, "modified": "2023-05-02"}, {"cve": "CVE-2022-0322", "epss": 0.00043, "percentile": 0.07823, "modified": "2023-05-02"}, {"cve": "CVE-2022-0330", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-0435", "epss": 0.00996, "percentile": 0.81369, "modified": "2023-05-02"}, {"cve": "CVE-2022-0487", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-0492", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-0617", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-24448", "epss": 0.00046, "percentile": 0.12963, "modified": "2023-05-02"}, {"cve": "CVE-2022-24959", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-25258", "epss": 0.00068, "percentile": 0.27667, "modified": "2023-05-02"}, {"cve": "CVE-2022-25375", "epss": 0.00046, "percentile": 0.12963, "modified": "2023-05-02"}], "vulnersScore": 9.2}, "_state": {"dependencies": 1699464241, "score": 1699465704, "epss": 0}, "_internal": {"score_hash": "9d4f6c5f4c99a779980c7ecfc61511ff"}, "pluginID": "158761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5096. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158761);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2020-29374\",\n \"CVE-2020-36322\",\n \"CVE-2021-3640\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3760\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-4002\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4155\",\n \"CVE-2021-4202\",\n \"CVE-2021-4203\",\n \"CVE-2021-20317\",\n \"CVE-2021-20321\",\n \"CVE-2021-20322\",\n \"CVE-2021-22600\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-28950\",\n \"CVE-2021-38300\",\n \"CVE-2021-39685\",\n \"CVE-2021-39686\",\n \"CVE-2021-39698\",\n \"CVE-2021-39713\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43389\",\n \"CVE-2021-43975\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2021-45469\",\n \"CVE-2021-45480\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0487\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0644\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\",\n \"CVE-2022-24959\",\n \"CVE-2022-25258\",\n \"CVE-2022-25375\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"Debian DSA-5096-1 : linux - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5096 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The\n get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider\n the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the\n timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user\n privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\n (CVE-2021-20317)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when\n transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.\n This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.\n (CVE-2021-38300)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds\n memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\n - An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB\n Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array\n index and ones associated with NULL function pointer retrieval). Memory corruption might occur.\n (CVE-2022-25258)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The\n RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive\n information from kernel memory. (CVE-2022-25375)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/linux\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-29374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-36322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-20317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-20321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-20322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-22600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-22942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-24959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-25258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-25375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbpf-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbpf4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblockdep-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblockdep4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lockdep\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'hyperv-daemons', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'libbpf-dev', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'libbpf4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'libcpupower-dev', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'libcpupower1', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'liblockdep-dev', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'liblockdep4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-compiler-gcc-8-arm', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-compiler-gcc-8-s390', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-compiler-gcc-8-x86', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-config-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-cpupower', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-doc-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-4kc-malta', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-5kc-malta', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-686', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-686-pae', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-amd64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-arm64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-armel', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-armhf', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-i386', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-mips', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-mips64el', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-mipsel', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-ppc64el', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-s390x', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-amd64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-arm64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-armmp', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-armmp-lpae', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-cloud-amd64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-common', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-common-rt', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-loongson-3', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-marvell', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-octeon', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-powerpc64le', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rpi', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-686-pae', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-amd64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-arm64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-armmp', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-s390x', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-4kc-malta', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-4kc-malta-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-5kc-malta', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-5kc-malta-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-pae-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-pae-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-amd64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-amd64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-arm64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-arm64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-lpae', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-lpae-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-cloud-amd64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-cloud-amd64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-loongson-3', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-loongson-3-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-marvell', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-marvell-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-octeon', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-octeon-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-powerpc64le', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-powerpc64le-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rpi', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rpi-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-686-pae-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-686-pae-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-amd64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-amd64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-arm64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-arm64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-armmp', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-armmp-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-s390x', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-s390x-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-amd64-signed-template', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-arm64-signed-template', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-i386-signed-template', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-kbuild-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-libc-dev', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-perf-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-source-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-support-4.19.0-19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'lockdep', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'usbip', 'reference': '4.19.232-1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'hyperv-daemons / libbpf-dev / libbpf4.19 / libcpupower-dev / etc');\n}\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libbpf-dev", "p-cpe:/a:debian:debian_linux:libbpf4.19", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:liblockdep-dev", "p-cpe:/a:debian:debian_linux:liblockdep4.19", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19", "p-cpe:/a:debian:debian_linux:lockdep", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x-dbg"], "solution": "Upgrade the linux packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-0435", "vendor_cvss2": {"score": 9, "vector": "CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-03-09T00:00:00", "vulnerabilityPublicationDate": "2020-11-28T00:00:00", "exploitableWith": ["Metasploit(vmwgfx Driver File Descriptor Handling Priv Esc)"]}

{"debian": [{"lastseen": "2023-12-03T16:26:24", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2941-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nMarch 09, 2022 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux-4.19\nVersion : 4.19.232-1~deb9u1\nCVE ID : CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744\n CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772\n CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155\n CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322\n CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713\n CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300\n CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713\n CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975\n CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469\n CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322\n CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492\n CVE-2022-0617 CVE-2022-0644 CVE-2022-22942 CVE-2022-24448\n CVE-2022-24959 CVE-2022-25258 CVE-2022-25375\nDebian Bug : 988044 989285 990411 994050\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-29374\n\n Jann Horn of Google reported a flaw in Linux's virtual memory\n management. A parent and child process initially share all their\n memory, but when either writes to a shared page, the page is\n duplicated and unshared (copy-on-write). However, in case an\n operation such as vmsplice() required the kernel to take an\n additional reference to a shared page, and a copy-on-write occurs\n during this operation, the kernel might have accessed the wrong\n process's memory. For some programs, this could lead to an\n information leak or data corruption.\n\n This issue was already fixed for most architectures, but not on\n MIPS and System z. This update corrects that.\n\nCVE-2020-36322, CVE-2021-28950\n\n The syzbot tool found that the FUSE (filesystem-in-user-space)\n implementation did not correctly handle a FUSE server returning\n invalid attributes for a file. A local user permitted to run a\n FUSE server could use this to cause a denial of service (crash).\n\n The original fix for this introduced a different potential denial\n of service (infinite loop in kernel space), which has also been\n fixed.\n\nCVE-2021-3640\n\n Lin Ma discovered a race condiiton in the Bluetooth protocol\n implementation that can lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\nCVE-2021-3744, CVE-2021-3764\n\n minihanshen reported bugs in the ccp driver for AMD\n Cryptographic Coprocessors that could lead to a resource leak.\n On systems using this driver, a local user could exploit this to\n cause a denial of service.\n\nCVE-2021-3752\n\n Likang Luo of NSFOCUS Security Team discovered a flaw in the\n Bluetooth L2CAP implementation that can lead to a user-after-free.\n A local user could exploit this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2021-3760, CVE-2021-4202\n\n Lin Ma discovered race conditions in the NCI (NFC Controller\n Interface) driver, which could lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\n This driver is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-3772\n\n A flaw was found in the SCTP protocol implementation, which would\n allow a networked attacker to break an SCTP association. The\n attacker would only need to know or guess the IP addresses and\n ports for the association.\n\nCVE-2021-4002\n\n It was discovered that hugetlbfs, the virtual filesystem used by\n applications to allocate huge pages in RAM, did not flush the\n CPU's TLB in one case where it was necessary. In some\n circumstances a local user would be able to read and write huge\n pages after they are freed and reallocated to a different process.\n This could lead to privilege escalation, denial of service or\n information leaks.\n\nCVE-2021-4083\n\n Jann Horn reported a race condition in the local (Unix) sockets\n garbage collector, that can lead to use-after-free. A local user\n could exploit this to cause a denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n\nCVE-2021-4135\n\n A flaw was found in the netdevsim driver which would lead to an\n information leak.\n\n This driver is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-4155\n\n Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP\n IOCTL in the XFS filesystem allowed for a size increase of files\n with unaligned size. A local attacker can take advantage of this\n flaw to leak data on the XFS filesystem.\n\nCVE-2021-4203\n\n Jann Horn reported a race condition in the local (Unix) sockets\n implementation that can lead to a use-after-free. A local user\n could exploit this to leak sensitive information from the kernel.\n\nCVE-2021-20317\n\n It was discovered that the timer queue structure could become\n corrupt, leading to waiting tasks never being woken up. A local\n user with certain privileges could exploit this to cause a denial\n of service (system hang).\n\nCVE-2021-20321\n\n A race condition was discovered in the overlayfs filesystem\n driver. A local user with access to an overlayfs mount and to its\n underlying upper directory could exploit this for privilege\n escalation.\n\nCVE-2021-20322\n\n An information leak was discovered in the IPv4 implementation. A\n remote attacker could exploit this to quickly discover which UDP\n ports a system is using, making it easier for them to carry out a\n DNS poisoning attack against that system.\n\nCVE-2021-22600\n\n The syzbot tool found a flaw in the packet socket (AF_PACKET)\n implementation which could lead to incorrectly freeing memory. A\n local user with CAP_NET_RAW capability (in any user namespace)\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\nCVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)\n\n Juergen Gross reported that malicious PV backends can cause a denial\n of service to guests being serviced by those backends via high\n frequency events, even if those backends are running in a less\n privileged environment.\n\nCVE-2021-28714, CVE-2021-28715 (XSA-392)\n\n Juergen Gross discovered that Xen guests can force the Linux\n netback driver to hog large amounts of kernel memory, resulting in\n denial of service.\n\nCVE-2021-38300\n\n Piotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT\n compiler for MIPS architectures. A local user could exploit\n this to excute arbitrary code in the kernel.\n\n This issue is mitigated by setting sysctl\n net.core.bpf_jit_enable=0, which is the default. It is *not*\n mitigated by disabling unprivileged use of eBPF.\n\nCVE-2021-39685\n\n Szymon Heidrich discovered a buffer overflow vulnerability in the\n USB gadget subsystem, resulting in information disclosure, denial of\n service or privilege escalation.\n\nCVE-2021-39686\n\n A race condition was discovered in the Android binder driver, that\n could lead to incorrect security checks. On systems where the\n binder driver is loaded, a local user could exploit this for\n privilege escalation.\n\nCVE-2021-39698\n\n Linus Torvalds reported a flaw in the file polling implementation,\n which could lead to a use-after-free. A local user could exploit\n this for denial of service (memory corruption or crash) or\n possibly for privilege escalation.\n\nCVE-2021-39713\n\n The syzbot tool found a race condition in the network scheduling\n subsystem which could lead to a use-after-free. A local user\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\nCVE-2021-41864\n\n An integer overflow was discovered in the Extended BPF (eBPF)\n subsystem. A local user could exploit this for denial of service\n (memory corruption or crash), or possibly for privilege\n escalation.\n\n This can be mitigated by setting sysctl\n kernel.unprivileged_bpf_disabled=1, which disables eBPF use by\n unprivileged users.\n\nCVE-2021-42739\n\n A heap buffer overflow was discovered in the firedtv driver for\n FireWire-connected DVB receivers. A local user with access to a\n firedtv device could exploit this for denial of service (memory\n corruption or crash), or possibly for privilege escalation.\n\nCVE-2021-43389\n\n The Active Defense Lab of Venustech discovered a flaw in the CMTP\n subsystem as used by Bluetooth, which could lead to an\n out-of-bounds read and object type confusion. A local user with\n CAP_NET_ADMIN capability in the initial user namespace could\n exploit this for denial of service (memory corruption or crash),\n or possibly for privilege escalation.\n\nCVE-2021-43975\n\n Brendan Dolan-Gavitt reported a flaw in the\n hw_atl_utils_fw_rpc_wait() function in the aQuantia AQtion ethernet\n device driver which can result in denial of service or the execution\n of arbitrary code.\n\nCVE-2021-43976\n\n Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the\n mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An\n attacker able to connect a crafted USB device can take advantage of\n this flaw to cause a denial of service.\n\nCVE-2021-44733\n\n A race condition was discovered in the Trusted Execution\n Environment (TEE) subsystem for Arm processors, which could lead\n to a use-after-free. A local user permitted to access a TEE\n device could exploit this for denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n\nCVE-2021-45095\n\n It was discovered that the Phone Network protocol (PhoNet) driver\n has a reference count leak in the pep_sock_accept() function.\n\nCVE-2021-45469\n\n Wenqing Liu reported an out-of-bounds memory access in the f2fs\n implementation if an inode has an invalid last xattr entry. An\n attacker able to mount a specially crafted image can take advantage\n of this flaw for denial of service.\n\nCVE-2021-45480\n\n A memory leak flaw was discovered in the __rds_conn_create()\n function in the RDS (Reliable Datagram Sockets) protocol subsystem.\n\nCVE-2022-0001 (INTEL-SA-00598)\n\n Researchers at VUSec discovered that the Branch History Buffer in\n Intel processors can be exploited to create information side-\n channels with speculative execution. This issue is similar to\n Spectre variant 2, but requires additional mitigations on some\n processors.\n\n This can be exploited to obtain sensitive information from a\n different security context, such as from user-space to the kernel,\n or from a KVM guest to the kernel.\n\nCVE-2022-0002 (INTEL-SA-00598)\n\n This is a similar issue to CVE-2022-0001, but covers exploitation\n within a security context, such as from JIT-compiled code in a\n sandbox to hosting code in the same process.\n\n This can be partly mitigated by disabling eBPF for unprivileged\n users with the sysctl: kernel.unprivileged_bpf_disabled=2. This\n update does that by default.\n\nCVE-2022-0322\n\n Eiichi Tsukata discovered a flaw in the sctp_make_strreset_req()\n function in the SCTP network protocol implementation which can\n result in denial of service.\n\nCVE-2022-0330\n\n Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the\n i915 driver, resulting in denial of service or privilege escalation.\n\nCVE-2022-0435\n\n Samuel Page and Eric Dumazet reported a stack overflow in the\n networking module for the Transparent Inter-Process Communication\n (TIPC) protocol, resulting in denial of service or potentially the\n execution of arbitrary code.\n\nCVE-2022-0487\n\n A use-after-free was discovered in the MOXART SD/MMC Host Controller\n support driver. This flaw does not impact the Debian binary packages\n as CONFIG_MMC_MOXART is not set.\n\nCVE-2022-0492\n\n Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does\n not properly restrict access to the release-agent feature. A local\n user can take advantage of this flaw for privilege escalation and\n bypass of namespace isolation.\n\nCVE-2022-0617\n\n butt3rflyh4ck discovered a NULL pointer dereference in the UDF\n filesystem. A local user that can mount a specially crafted UDF\n image can use this flaw to crash the system.\n\nCVE-2022-0644\n\n Hao Sun reported a missing check for file read permission in the\n finit_module() and kexec_file_load() system calls. The security\n impact of this is unclear, since these system calls are usually\n only available to the root user.\n\nCVE-2022-22942\n\n It was discovered that wrong file file descriptor handling in the\n VMware Virtual GPU driver (vmwgfx) could result in information leak\n or privilege escalation.\n\nCVE-2022-24448\n\n Lyu Tao reported a flaw in the NFS implementation in the Linux\n kernel when handling requests to open a directory on a regular file,\n which could result in a information leak.\n\nCVE-2022-24959\n\n A memory leak was discovered in the yam_siocdevprivate() function of\n the YAM driver for AX.25, which could result in denial of service.\n\nCVE-2022-25258\n\n Szymon Heidrich reported the USB Gadget subsystem lacks certain\n validation of interface OS descriptor requests, resulting in memory\n corruption.\n\nCVE-2022-25375\n\n Szymon Heidrich reported that the RNDIS USB gadget lacks validation\n of the size of the RNDIS_MSG_SET command, resulting in information\n leak from kernel memory.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.232-1~deb9u1. This update additionally includes many more bug\nfixes from stable updates 4.19.209-4.19.232 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-09T12:40:55", "type": "debian", "title": "[SECURITY] [DLA 2941-1] linux-4.19 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29374", "CVE-2020-36322", "CVE-2021-20317", "CVE-2021-20321", "CVE-2021-20322", "CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-28950", "CVE-2021-3640", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3760", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-38300", "CVE-2021-39685", "CVE-2021-39686", "CVE-2021-39698", "CVE-2021-39713", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4155", "CVE-2021-41864", "CVE-2021-4202", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43389", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-24959", "CVE-2022-25258", "CVE-2022-25375"], "modified": "2022-03-09T12:40:55", "id": "DEBIAN:DLA-2941-1:96084", "href": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T10:10:20", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5096-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 09, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744\n CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772\n CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155\n CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322\n CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713\n CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300\n CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713\n CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975\n CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469\n CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322\n CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492\n CVE-2022-0617 CVE-2022-0644 CVE-2022-22942 CVE-2022-24448\n CVE-2022-24959 CVE-2022-25258 CVE-2022-25375\nDebian Bug : 988044 989285 990411 994050\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-29374\n\n Jann Horn of Google reported a flaw in Linux's virtual memory\n management. A parent and child process initially share all their\n memory, but when either writes to a shared page, the page is\n duplicated and unshared (copy-on-write). However, in case an\n operation such as vmsplice() required the kernel to take an\n additional reference to a shared page, and a copy-on-write occurs\n during this operation, the kernel might have accessed the wrong\n process's memory. For some programs, this could lead to an\n information leak or data corruption.\n\n This issue was already fixed for most architectures, but not on\n MIPS and System z. This update corrects that.\n\nCVE-2020-36322, CVE-2021-28950\n\n The syzbot tool found that the FUSE (filesystem-in-user-space)\n implementation did not correctly handle a FUSE server returning\n invalid attributes for a file. A local user permitted to run a\n FUSE server could use this to cause a denial of service (crash).\n\n The original fix for this introduced a different potential denial\n of service (infinite loop in kernel space), which has also been\n fixed.\n\nCVE-2021-3640\n\n Lin Ma discovered a race condiiton in the Bluetooth protocol\n implementation that can lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\nCVE-2021-3744, CVE-2021-3764\n\n minihanshen reported bugs in the ccp driver for AMD\n Cryptographic Coprocessors that could lead to a resource leak.\n On systems using this driver, a local user could exploit this to\n cause a denial of service.\n\nCVE-2021-3752\n\n Likang Luo of NSFOCUS Security Team discovered a flaw in the\n Bluetooth L2CAP implementation that can lead to a user-after-free.\n A local user could exploit this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2021-3760, CVE-2021-4202\n\n Lin Ma discovered race conditions in the NCI (NFC Controller\n Interface) driver, which could lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\n This driver is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-3772\n\n A flaw was found in the SCTP protocol implementation, which would\n allow a networked attacker to break an SCTP association. The\n attacker would only need to know or guess the IP addresses and\n ports for the association.\n\nCVE-2021-4002\n\n It was discovered that hugetlbfs, the virtual filesystem used by\n applications to allocate huge pages in RAM, did not flush the\n CPU's TLB in one case where it was necessary. In some\n circumstances a local user would be able to read and write huge\n pages after they are freed and reallocated to a different process.\n This could lead to privilege escalation, denial of service or\n information leaks.\n\nCVE-2021-4083\n\n Jann Horn reported a race condition in the local (Unix) sockets\n garbage collector, that can lead to use-after-free. A local user\n could exploit this to cause a denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n\nCVE-2021-4135\n\n A flaw was found in the netdevsim driver which would lead to an\n information leak.\n\n This driver is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-4155\n\n Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP\n IOCTL in the XFS filesystem allowed for a size increase of files\n with unaligned size. A local attacker can take advantage of this\n flaw to leak data on the XFS filesystem.\n\nCVE-2021-4203\n\n Jann Horn reported a race condition in the local (Unix) sockets\n implementation that can lead to a use-after-free. A local user\n could exploit this to leak sensitive information from the kernel.\n\nCVE-2021-20317\n\n It was discovered that the timer queue structure could become\n corrupt, leading to waiting tasks never being woken up. A local\n user with certain privileges could exploit this to cause a denial\n of service (system hang).\n\nCVE-2021-20321\n\n A race condition was discovered in the overlayfs filesystem\n driver. A local user with access to an overlayfs mount and to its\n underlying upper directory could exploit this for privilege\n escalation.\n\nCVE-2021-20322\n\n An information leak was discovered in the IPv4 implementation. A\n remote attacker could exploit this to quickly discover which UDP\n ports a system is using, making it easier for them to carry out a\n DNS poisoning attack against that system.\n\nCVE-2021-22600\n\n The syzbot tool found a flaw in the packet socket (AF_PACKET)\n implementation which could lead to incorrectly freeing memory. A\n local user with CAP_NET_RAW capability (in any user namespace)\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\nCVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)\n\n Juergen Gross reported that malicious PV backends can cause a denial\n of service to guests being serviced by those backends via high\n frequency events, even if those backends are running in a less\n privileged environment.\n\nCVE-2021-28714, CVE-2021-28715 (XSA-392)\n\n Juergen Gross discovered that Xen guests can force the Linux\n netback driver to hog large amounts of kernel memory, resulting in\n denial of service.\n\nCVE-2021-38300\n\n Piotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT\n compiler for MIPS architectures. A local user could exploit\n this to excute arbitrary code in the kernel.\n\n This issue is mitigated by setting sysctl\n net.core.bpf_jit_enable=0, which is the default. It is *not*\n mitigated by disabling unprivileged use of eBPF.\n\nCVE-2021-39685\n\n Szymon Heidrich discovered a buffer overflow vulnerability in the\n USB gadget subsystem, resulting in information disclosure, denial of\n service or privilege escalation.\n\nCVE-2021-39686\n\n A race condition was discovered in the Android binder driver, that\n could lead to incorrect security checks. On systems where the\n binder driver is loaded, a local user could exploit this for\n privilege escalation.\n\nCVE-2021-39698\n\n Linus Torvalds reported a flaw in the file polling implementation,\n which could lead to a use-after-free. A local user could exploit\n this for denial of service (memory corruption or crash) or\n possibly for privilege escalation.\n\nCVE-2021-39713\n\n The syzbot tool found a race condition in the network scheduling\n subsystem which could lead to a use-after-free. A local user\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\nCVE-2021-41864\n\n An integer overflow was discovered in the Extended BPF (eBPF)\n subsystem. A local user could exploit this for denial of service\n (memory corruption or crash), or possibly for privilege\n escalation.\n\n This can be mitigated by setting sysctl\n kernel.unprivileged_bpf_disabled=1, which disables eBPF use by\n unprivileged users.\n\nCVE-2021-42739\n\n A heap buffer overflow was discovered in the firedtv driver for\n FireWire-connected DVB receivers. A local user with access to a\n firedtv device could exploit this for denial of service (memory\n corruption or crash), or possibly for privilege escalation.\n\nCVE-2021-43389\n\n The Active Defense Lab of Venustech discovered a flaw in the CMTP\n subsystem as used by Bluetooth, which could lead to an\n out-of-bounds read and object type confusion. A local user with\n CAP_NET_ADMIN capability in the initial user namespace could\n exploit this for denial of service (memory corruption or crash),\n or possibly for privilege escalation.\n\nCVE-2021-43975\n\n Brendan Dolan-Gavitt reported a flaw in the\n hw_atl_utils_fw_rpc_wait() function in the aQuantia AQtion ethernet\n device driver which can result in denial of service or the execution\n of arbitrary code.\n\nCVE-2021-43976\n\n Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the\n mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An\n attacker able to connect a crafted USB device can take advantage of\n this flaw to cause a denial of service.\n\nCVE-2021-44733\n\n A race condition was discovered in the Trusted Execution\n Environment (TEE) subsystem for Arm processors, which could lead\n to a use-after-free. A local user permitted to access a TEE\n device could exploit this for denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n\nCVE-2021-45095\n\n It was discovered that the Phone Network protocol (PhoNet) driver\n has a reference count leak in the pep_sock_accept() function.\n\nCVE-2021-45469\n\n Wenqing Liu reported an out-of-bounds memory access in the f2fs\n implementation if an inode has an invalid last xattr entry. An\n attacker able to mount a specially crafted image can take advantage\n of this flaw for denial of service.\n\nCVE-2021-45480\n\n A memory leak flaw was discovered in the __rds_conn_create()\n function in the RDS (Reliable Datagram Sockets) protocol subsystem.\n\nCVE-2022-0001 (INTEL-SA-00598)\n\n Researchers at VUSec discovered that the Branch History Buffer in\n Intel processors can be exploited to create information side-\n channels with speculative execution. This issue is similar to\n Spectre variant 2, but requires additional mitigations on some\n processors.\n\n This can be exploited to obtain sensitive information from a\n different security context, such as from user-space to the kernel,\n or from a KVM guest to the kernel.\n\nCVE-2022-0002 (INTEL-SA-00598)\n\n This is a similar issue to CVE-2022-0001, but covers exploitation\n within a security context, such as from JIT-compiled code in a\n sandbox to hosting code in the same process.\n\n This can be partly mitigated by disabling eBPF for unprivileged\n users with the sysctl: kernel.unprivileged_bpf_disabled=2. This\n update does that by default.\n\nCVE-2022-0322\n\n Eiichi Tsukata discovered a flaw in the sctp_make_strreset_req()\n function in the SCTP network protocol implementation which can\n result in denial of service.\n\nCVE-2022-0330\n\n Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the\n i915 driver, resulting in denial of service or privilege escalation.\n\nCVE-2022-0435\n\n Samuel Page and Eric Dumazet reported a stack overflow in the\n networking module for the Transparent Inter-Process Communication\n (TIPC) protocol, resulting in denial of service or potentially the\n execution of arbitrary code.\n\nCVE-2022-0487\n\n A use-after-free was discovered in the MOXART SD/MMC Host Controller\n support driver. This flaw does not impact the Debian binary packages\n as CONFIG_MMC_MOXART is not set.\n\nCVE-2022-0492\n\n Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does\n not properly restrict access to the release-agent feature. A local\n user can take advantage of this flaw for privilege escalation and\n bypass of namespace isolation.\n\nCVE-2022-0617\n\n butt3rflyh4ck discovered a NULL pointer dereference in the UDF\n filesystem. A local user that can mount a specially crafted UDF\n image can use this flaw to crash the system.\n\nCVE-2022-0644\n\n Hao Sun reported a missing check for file read permission in the\n finit_module() and kexec_file_load() system calls. The security\n impact of this is unclear, since these system calls are usually\n only available to the root user.\n\nCVE-2022-22942\n\n It was discovered that wrong file file descriptor handling in the\n VMware Virtual GPU driver (vmwgfx) could result in information leak\n or privilege escalation.\n\nCVE-2022-24448\n\n Lyu Tao reported a flaw in the NFS implementation in the Linux\n kernel when handling requests to open a directory on a regular file,\n which could result in a information leak.\n\nCVE-2022-24959\n\n A memory leak was discovered in the yam_siocdevprivate() function of\n the YAM driver for AX.25, which could result in denial of service.\n\nCVE-2022-25258\n\n Szymon Heidrich reported the USB Gadget subsystem lacks certain\n validation of interface OS descriptor requests, resulting in memory\n corruption.\n\nCVE-2022-25375\n\n Szymon Heidrich reported that the RNDIS USB gadget lacks validation\n of the size of the RNDIS_MSG_SET command, resulting in information\n leak from kernel memory.\n\nFor the oldstable distribution (buster), these problems have been\nfixed in version 4.19.232-1. This update additionally includes many\nmore bug fixes from stable updates 4.19.209-4.19.232 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-09T15:30:58", "type": "debian", "title": "[SECURITY] [DSA 5096-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29374", "CVE-2020-36322", "CVE-2021-20317", "CVE-2021-20321", "CVE-2021-20322", "CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-28950", "CVE-2021-3640", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3760", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-38300", "CVE-2021-39685", "CVE-2021-39686", "CVE-2021-39698", "CVE-2021-39713", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4155", "CVE-2021-41864", "CVE-2021-4202", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43389", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-24959", "CVE-2022-25258", "CVE-2022-25375"], "modified": "2022-03-09T15:30:58", "id": "DEBIAN:DSA-5096-1:B47F5", "href": "https://lists.debian.org/debian-security-announce/2022/msg00063.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T16:26:22", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2940-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nMarch 09, 2022 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux\nVersion : 4.9.303-1\nCVE ID : CVE-2021-3640 CVE-2021-3752 CVE-2021-4002 CVE-2021-4083\n CVE-2021-4155 CVE-2021-4202 CVE-2021-28711 CVE-2021-28712\n CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-29264\n CVE-2021-33033 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698\n CVE-2021-39714 CVE-2021-43976 CVE-2021-45095 CVE-2022-0001\n CVE-2022-0002 CVE-2022-0330 CVE-2022-0435 CVE-2022-0487\n CVE-2022-0492 CVE-2022-0617 CVE-2022-24448 CVE-2022-25258\n CVE-2022-25375\nDebian Bug : 990411\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2021-3640\n\n LinMa of BlockSec Team discovered a race condition in the\n Bluetooth SCO implementation that can lead to a use-after-free. A\n local user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\nCVE-2021-3752\n\n Likang Luo of NSFOCUS Security Team discovered a flaw in the\n Bluetooth L2CAP implementation that can lead to a user-after-free.\n A local user could exploit this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2021-4002\n\n It was discovered that hugetlbfs, the virtual filesystem used by\n applications to allocate huge pages in RAM, did not flush the\n CPU's TLB in one case where it was necessary. In some\n circumstances a local user would be able to read and write huge\n pages after they are freed and reallocated to a different process.\n This could lead to privilege escalation, denial of service or\n information leaks.\n\nCVE-2021-4083\n\n Jann Horn reported a race condition in the local (Unix) sockets\n garbage collector, that can lead to use-after-free. A local user\n could exploit this to cause a denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n\nCVE-2021-4155\n\n Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP\n IOCTL in the XFS filesystem allowed for a size increase of files\n with unaligned size. A local attacker can take advantage of this\n flaw to leak data on the XFS filesystem.\n\nCVE-2021-4202\n\n Lin Ma discovered a race condition in the NCI (NFC Controller\n Interface) driver, which could lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\n This protocol is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)\n\n Juergen Gross reported that malicious PV backends can cause a denial\n of service to guests being serviced by those backends via high\n frequency events, even if those backends are running in a less\n privileged environment.\n\nCVE-2021-28714, CVE-2021-28715 (XSA-392)\n\n Juergen Gross discovered that Xen guests can force the Linux\n netback driver to hog large amounts of kernel memory, resulting in\n denial of service.\n\nCVE-2021-29264\n\n It was discovered that the "gianfar" Ethernet driver used with\n some Freescale SoCs did not correctly handle a Rx queue overrun\n when jumbo packets were enabled. On systems using this driver and\n jumbo packets, an attacker on the network could exploit this to\n cause a denial of service (crash).\n\n This driver is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-33033\n\n The syzbot tool found a reference counting bug in the CIPSO\n implementation that can lead to a use-after-free.\n\n This protocol is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-39685\n\n Szymon Heidrich discovered a buffer overflow vulnerability in the\n USB gadget subsystem, resulting in information disclosure, denial of\n service or privilege escalation.\n\nCVE-2021-39686\n\n A race condition was discovered in the Android binder driver, that\n could lead to incorrect security checks. On systems where the\n binder driver is loaded, a local user could exploit this for\n privilege escalation.\n\n This driver is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-39698\n\n Linus Torvalds reported a flaw in the file polling implementation,\n which could lead to a use-after-free. A local user could exploit\n this for denial of service (memory corruption or crash) or\n possibly for privilege escalation.\n\nCVE-2021-39714\n\n A potential reference count overflow was found in the Android Ion\n driver. On systems where the Ion driver is loaded, a local user\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\n This driver is not enabled in Debian's official kernel\n configurations.\n\nCVE-2021-43976\n\n Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the\n mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An\n attacker able to connect a crafted USB device can take advantage of\n this flaw to cause a denial of service.\n\nCVE-2021-45095\n\n It was discovered that the Phone Network protocol (PhoNet) driver\n has a reference count leak in the pep_sock_accept() function.\n\nCVE-2022-0001 (INTEL-SA-00598)\n\n Researchers at VUSec discovered that the Branch History Buffer in\n Intel processors can be exploited to create information side-\n channels with speculative execution. This issue is similar to\n Spectre variant 2, but requires additional mitigations on some\n processors.\n\n This can be exploited to obtain sensitive information from a\n different security context, such as from user-space to the kernel,\n or from a KVM guest to the kernel.\n\nCVE-2022-0002 (INTEL-SA-00598)\n\n This is a similar issue to CVE-2022-0001, but covers exploitation\n within a security context, such as from JIT-compiled code in a\n sandbox to hosting code in the same process.\n\n This can be partly mitigated by disabling eBPF for unprivileged\n users with the sysctl: kernel.unprivileged_bpf_disabled=2. This\n update does that by default.\n\nCVE-2022-0330\n\n Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the\n i915 driver, resulting in denial of service or privilege escalation.\n\nCVE-2022-0435\n\n Samuel Page and Eric Dumazet reported a stack overflow in the\n networking module for the Transparent Inter-Process Communication\n (TIPC) protocol, resulting in denial of service or potentially the\n execution of arbitrary code.\n\nCVE-2022-0487\n\n A use-after-free was discovered in the MOXART SD/MMC Host Controller\n support driver. This flaw does not impact the Debian binary packages\n as CONFIG_MMC_MOXART is not set.\n\nCVE-2022-0492\n\n Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does\n not properly restrict access to the release-agent feature. A local\n user can take advantage of this flaw for privilege escalation and\n bypass of namespace isolation.\n\nCVE-2022-0617\n\n butt3rflyh4ck discovered a NULL pointer dereference in the UDF\n filesystem. A local user that can mount a specially crafted UDF\n image can use this flaw to crash the system.\n\nCVE-2022-24448\n\n Description\n\nCVE-2022-25258\n\n Szymon Heidrich reported the USB Gadget subsystem lacks certain\n validation of interface OS descriptor requests, resulting in memory\n corruption.\n\nCVE-2022-25375\n\n Szymon Heidrich reported that the RNDIS USB gadget lacks validation\n of the size of the RNDIS_MSG_SET command, resulting in information\n leak from kernel memory.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.303-1. This update additionally includes many more bug fixes from\nstable updates 4.9.291-4.9.303 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-09T12:40:13", "type": "debian", "title": "[SECURITY] [DLA 2940-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-29264", "CVE-2021-33033", "CVE-2021-3640", "CVE-2021-3752", "CVE-2021-39685", "CVE-2021-39686", "CVE-2021-39698", "CVE-2021-39714", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2021-43976", "CVE-2021-45095", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-24448", "CVE-2022-25258", "CVE-2022-25375"], "modified": "2022-03-09T12:40:13", "id": "DEBIAN:DLA-2940-1:FB71D", "href": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T16:04:19", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5050-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 20, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713\n CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095\n CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222\nDebian Bug : 988044 996974\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2021-4155\n\n Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP\n IOCTL in the XFS filesystem allowed for a size increase of files\n with unaligned size. A local attacker can take advantage of this\n flaw to leak data on the XFS filesystem.\n\nCVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)\n\n Juergen Gross reported that malicious PV backends can cause a denial\n of service to guests being serviced by those backends via high\n frequency events, even if those backends are running in a less\n privileged environment.\n\nCVE-2021-28714, CVE-2021-28715 (XSA-392)\n\n Juergen Gross discovered that Xen guests can force the Linux\n netback driver to hog large amounts of kernel memory, resulting in\n denial of service.\n\nCVE-2021-39685\n\n Szymon Heidrich discovered a buffer overflow vulnerability in the\n USB gadget subsystem, resulting in information disclosure, denial of\n service or privilege escalation.\n\nCVE-2021-45095\n\n It was discovered that the Phone Network protocol (PhoNet) driver\n has a reference count leak in the pep_sock_accept() function.\n\nCVE-2021-45469\n\n Wenqing Liu reported an out-of-bounds memory access in the f2fs\n implementation if an inode has an invalid last xattr entry. An\n attacker able to mount a specially crafted image can take advantage\n of this flaw for denial of service.\n\nCVE-2021-45480\n\n A memory leak flaw was discovered in the __rds_conn_create()\n function in the RDS (Reliable Datagram Sockets) protocol subsystem.\n\nCVE-2022-0185\n\n William Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis, Hrvoje\n Misetic and Philip Papurt discovered a heap-based buffer overflow\n flaw in the legacy_parse_param function in the Filesystem Context\n functionality, allowing an local user (with CAP_SYS_ADMIN capability\n in the current namespace) to escalate privileges.\n\nCVE-2022-23222\n\n 'tr3e' discovered that the BPF verifier does not properly restrict\n several *_OR_NULL pointer types allowing these types to do pointer\n arithmetic. A local user with the ability to call bpf(), can take\n advantage of this flaw to excalate privileges. Unprivileged calls to\n bpf() are disabled by default in Debian, mitigating this flaw.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5.10.92-1. This version includes changes which were aimed to\nland in the next Debian bullseye point release.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T16:46:05", "type": "debian", "title": "[SECURITY] [DSA 5050-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0185", "CVE-2022-23222"], "modified": "2022-01-20T16:46:05", "id": "DEBIAN:DSA-5050-1:FB23B", "href": "https://lists.debian.org/debian-security-announce/2022/msg00016.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T10:10:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5092-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 07, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2021-43976 CVE-2022-0330 CVE-2022-0435 CVE-2022-0516\n CVE-2022-0847 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959\n CVE-2022-25258 CVE-2022-25375\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2021-43976\n\n Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the\n mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An\n attacker able to connect a crafted USB device can take advantage of\n this flaw to cause a denial of service.\n\nCVE-2022-0330\n\n Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the\n i915 driver, resulting in denial of service or privilege escalation.\n\nCVE-2022-0435\n\n Samuel Page and Eric Dumazet reported a stack overflow in the\n networking module for the Transparent Inter-Process Communication\n (TIPC) protocol, resulting in denial of service or potentially the\n execution of arbitrary code.\n\nCVE-2022-0516\n\n It was discovered that an insufficient check in the KVM subsystem\n for s390x could allow unauthorized memory read or write access.\n\nCVE-2022-0847\n\n Max Kellermann discovered a flaw in the handling of pipe buffer\n flags. An attacker can take advantage of this flaw for local\n privilege escalation.\n\nCVE-2022-22942\n\n It was discovered that wrong file file descriptor handling in the\n VMware Virtual GPU driver (vmwgfx) could result in information leak\n or privilege escalation.\n\nCVE-2022-24448\n\n Lyu Tao reported a flaw in the NFS implementation in the Linux\n kernel when handling requests to open a directory on a regular file,\n which could result in a information leak.\n\nCVE-2022-24959\n\n A memory leak was discovered in the yam_siocdevprivate() function of\n the YAM driver for AX.25, which could result in denial of service.\n\nCVE-2022-25258\n\n Szymon Heidrich reported the USB Gadget subsystem lacks certain\n validation of interface OS descriptor requests, resulting in memory\n corruption.\n\nCVE-2022-25375\n\n Szymon Heidrich reported that the RNDIS USB gadget lacks validation\n of the size of the RNDIS_MSG_SET command, resulting in information\n leak from kernel memory.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5.10.92-2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-07T12:54:12", "type": "debian", "title": "[SECURITY] [DSA 5092-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43976", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0516", "CVE-2022-0847", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-24959", "CVE-2022-25258", "CVE-2022-25375"], "modified": "2022-03-07T12:54:12", "id": "DEBIAN:DSA-5092-1:463D4", "href": "https://lists.debian.org/debian-security-announce/2022/msg00059.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T10:10:15", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5095-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 09, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2020-36310 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487\n CVE-2022-0492 CVE-2022-0617 CVE-2022-25636\nDebian Bug : 990279\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2020-36310\n\n A flaw was discovered in the KVM implementation for AMD processors,\n which could lead to an infinite loop. A malicious VM guest could\n exploit this to cause a denial of service.\n\nCVE-2022-0001 (INTEL-SA-00598)\n\n Researchers at VUSec discovered that the Branch History Buffer in\n Intel processors can be exploited to create information side-\n channels with speculative execution. This issue is similar to\n Spectre variant 2, but requires additional mitigations on some\n processors.\n\n This can be exploited to obtain sensitive information from a\n different security context, such as from user-space to the kernel,\n or from a KVM guest to the kernel.\n\nCVE-2022-0002 (INTEL-SA-00598)\n\n This is a similar issue to CVE-2022-0001, but covers exploitation\n within a security context, such as from JIT-compiled code in a\n sandbox to hosting code in the same process.\n\n This is partly mitigated by disabling eBPF for unprivileged users\n with the sysctl: kernel.unprivileged_bpf_disabled=2. This is\n already the default in Debian 11 "bullseye".\n\nCVE-2022-0487\n\n A use-after-free was discovered in the MOXART SD/MMC Host Controller\n support driver. This flaw does not impact the Debian binary packages\n as CONFIG_MMC_MOXART is not set.\n\nCVE-2022-0492\n\n Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does\n not properly restrict access to the release-agent feature. A local\n user can take advantage of this flaw for privilege escalation and\n bypass of namespace isolation.\n\nCVE-2022-0617\n\n butt3rflyh4ck discovered a NULL pointer dereference in the UDF\n filesystem. A local user that can mount a specially crafted UDF\n image can use this flaw to crash the system.\n\nCVE-2022-25636\n\n Nick Gregory reported a heap out-of-bounds write flaw in the\n netfilter subsystem. A user with the CAP_NET_ADMIN capability could\n use this for denial of service or possibly for privilege escalation.\n\nFor the stable distribution (bullseye), these problems have been fixed\nin version 5.10.103-1. This update additionally includes many more\nbug fixes from stable updates 5.10.93-5.10.103 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-09T15:30:29", "type": "debian", "title": "[SECURITY] [DSA 5095-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36310", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-25636"], "modified": "2022-03-09T15:30:29", "id": "DEBIAN:DSA-5095-1:31FF6", "href": "https://lists.debian.org/debian-security-announce/2022/msg00062.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-29T21:22:18", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2020-29374](https://security-tracker.debian.org/tracker/CVE-2020-29374)\nJann Horn of Google reported a flaw in Linux's virtual memory\n management. A parent and child process initially share all their\n memory, but when either writes to a shared page, the page is\n duplicated and unshared (copy-on-write). However, in case an\n operation such as vmsplice() required the kernel to take an\n additional reference to a shared page, and a copy-on-write occurs\n during this operation, the kernel might have accessed the wrong\n process's memory. For some programs, this could lead to an\n information leak or data corruption.\n\n\nThis issue was already fixed for most architectures, but not on\n MIPS and System z. This update corrects that.\n* [CVE-2020-36322](https://security-tracker.debian.org/tracker/CVE-2020-36322)\n, [CVE-2021-28950](https://security-tracker.debian.org/tracker/CVE-2021-28950)\n\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\n implementation did not correctly handle a FUSE server returning\n invalid attributes for a file. A local user permitted to run a\n FUSE server could use this to cause a denial of service (crash).\n\n\nThe original fix for this introduced a different potential denial\n of service (infinite loop in kernel space), which has also been\n fixed.\n* [CVE-2021-3640](https://security-tracker.debian.org/tracker/CVE-2021-3640)\nLin Ma discovered a race condiiton in the Bluetooth protocol\n implementation that can lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n* [CVE-2021-3744](https://security-tracker.debian.org/tracker/CVE-2021-3744)\n, [CVE-2021-3764](https://security-tracker.debian.org/tracker/CVE-2021-3764)\n\n\nminihanshen reported bugs in the ccp driver for AMD\n Cryptographic Coprocessors that could lead to a resource leak.\n On systems using this driver, a local user could exploit this to\n cause a denial of service.\n* [CVE-2021-3752](https://security-tracker.debian.org/tracker/CVE-2021-3752)\nLikang Luo of NSFOCUS Security Team discovered a flaw in the\n Bluetooth L2CAP implementation that can lead to a user-after-free.\n A local user could exploit this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n* [CVE-2021-3760](https://security-tracker.debian.org/tracker/CVE-2021-3760)\n, [CVE-2021-4202](https://security-tracker.debian.org/tracker/CVE-2021-4202)\n\n\nLin Ma discovered race conditions in the NCI (NFC Controller\n Interface) driver, which could lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\n\nThis driver is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-3772](https://security-tracker.debian.org/tracker/CVE-2021-3772)\nA flaw was found in the SCTP protocol implementation, which would\n allow a networked attacker to break an SCTP association. The\n attacker would only need to know or guess the IP addresses and\n ports for the association.\n* [CVE-2021-4002](https://security-tracker.debian.org/tracker/CVE-2021-4002)\nIt was discovered that hugetlbfs, the virtual filesystem used by\n applications to allocate huge pages in RAM, did not flush the\n CPU's TLB in one case where it was necessary. In some\n circumstances a local user would be able to read and write huge\n pages after they are freed and reallocated to a different process.\n This could lead to privilege escalation, denial of service or\n information leaks.\n* [CVE-2021-4083](https://security-tracker.debian.org/tracker/CVE-2021-4083)\nJann Horn reported a race condition in the local (Unix) sockets\n garbage collector, that can lead to use-after-free. A local user\n could exploit this to cause a denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n* [CVE-2021-4135](https://security-tracker.debian.org/tracker/CVE-2021-4135)\nA flaw was found in the netdevsim driver which would lead to an\n information leak.\n\n\nThis driver is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-4155](https://security-tracker.debian.org/tracker/CVE-2021-4155)\nKirill Tkhai discovered a data leak in the way the XFS\\_IOC\\_ALLOCSP\n IOCTL in the XFS filesystem allowed for a size increase of files\n with unaligned size. A local attacker can take advantage of this\n flaw to leak data on the XFS filesystem.\n* [CVE-2021-4203](https://security-tracker.debian.org/tracker/CVE-2021-4203)\nJann Horn reported a race condition in the local (Unix) sockets\n implementation that can lead to a use-after-free. A local user\n could exploit this to leak sensitive information from the kernel.\n* [CVE-2021-20317](https://security-tracker.debian.org/tracker/CVE-2021-20317)\nIt was discovered that the timer queue structure could become\n corrupt, leading to waiting tasks never being woken up. A local\n user with certain privileges could exploit this to cause a denial\n of service (system hang).\n* [CVE-2021-20321](https://security-tracker.debian.org/tracker/CVE-2021-20321)\nA race condition was discovered in the overlayfs filesystem\n driver. A local user with access to an overlayfs mount and to its\n underlying upper directory could exploit this for privilege\n escalation.\n* [CVE-2021-20322](https://security-tracker.debian.org/tracker/CVE-2021-20322)\nAn information leak was discovered in the IPv4 implementation. A\n remote attacker could exploit this to quickly discover which UDP\n ports a system is using, making it easier for them to carry out a\n DNS poisoning attack against that system.\n* [CVE-2021-22600](https://security-tracker.debian.org/tracker/CVE-2021-22600)\nThe syzbot tool found a flaw in the packet socket (AF\\_PACKET)\n implementation which could lead to incorrectly freeing memory. A\n local user with CAP\\_NET\\_RAW capability (in any user namespace)\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n* [CVE-2021-28711](https://security-tracker.debian.org/tracker/CVE-2021-28711)\n, [CVE-2021-28712](https://security-tracker.debian.org/tracker/CVE-2021-28712), [CVE-2021-28713](https://security-tracker.debian.org/tracker/CVE-2021-28713) (XSA-391)\n\n\nJuergen Gross reported that malicious PV backends can cause a denial\n of service to guests being serviced by those backends via high\n frequency events, even if those backends are running in a less\n privileged environment.\n* [CVE-2021-28714](https://security-tracker.debian.org/tracker/CVE-2021-28714)\n, [CVE-2021-28715](https://security-tracker.debian.org/tracker/CVE-2021-28715) (XSA-392)\n\n\nJuergen Gross discovered that Xen guests can force the Linux\n netback driver to hog large amounts of kernel memory, resulting in\n denial of service.\n* [CVE-2021-38300](https://security-tracker.debian.org/tracker/CVE-2021-38300)\nPiotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT\n compiler for MIPS architectures. A local user could exploit\n this to excute arbitrary code in the kernel.\n\n\nThis issue is mitigated by setting sysctl\n net.core.bpf\\_jit\\_enable=0, which is the default. It is \\*not\\*\n mitigated by disabling unprivileged use of eBPF.\n* [CVE-2021-39685](https://security-tracker.debian.org/tracker/CVE-2021-39685)\nSzymon Heidrich discovered a buffer overflow vulnerability in the\n USB gadget subsystem, resulting in information disclosure, denial of\n service or privilege escalation.\n* [CVE-2021-39686](https://security-tracker.debian.org/tracker/CVE-2021-39686)\nA race condition was discovered in the Android binder driver, that\n could lead to incorrect security checks. On systems where the\n binder driver is loaded, a local user could exploit this for\n privilege escalation.\n* [CVE-2021-39698](https://security-tracker.debian.org/tracker/CVE-2021-39698)\nLinus Torvalds reported a flaw in the file polling implementation,\n which could lead to a use-after-free. A local user could exploit\n this for denial of service (memory corruption or crash) or\n possibly for privilege escalation.\n* [CVE-2021-39713](https://security-tracker.debian.org/tracker/CVE-2021-39713)\nThe syzbot tool found a race condition in the network scheduling\n subsystem which could lead to a use-after-free. A local user\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n* [CVE-2021-41864](https://security-tracker.debian.org/tracker/CVE-2021-41864)\nAn integer overflow was discovered in the Extended BPF (eBPF)\n subsystem. A local user could exploit this for denial of service\n (memory corruption or crash), or possibly for privilege\n escalation.\n\n\nThis can be mitigated by setting sysctl\n kernel.unprivileged\\_bpf\\_disabled=1, which disables eBPF use by\n unprivileged users.\n* [CVE-2021-42739](https://security-tracker.debian.org/tracker/CVE-2021-42739)\nA heap buffer overflow was discovered in the firedtv driver for\n FireWire-connected DVB receivers. A local user with access to a\n firedtv device could exploit this for denial of service (memory\n corruption or crash), or possibly for privilege escalation.\n* [CVE-2021-43389](https://security-tracker.debian.org/tracker/CVE-2021-43389)\nThe Active Defense Lab of Venustech discovered a flaw in the CMTP\n subsystem as used by Bluetooth, which could lead to an\n out-of-bounds read and object type confusion. A local user with\n CAP\\_NET\\_ADMIN capability in the initial user namespace could\n exploit this for denial of service (memory corruption or crash),\n or possibly for privilege escalation.\n* [CVE-2021-43975](https://security-tracker.debian.org/tracker/CVE-2021-43975)\nBrendan Dolan-Gavitt reported a flaw in the\n hw\\_atl\\_utils\\_fw\\_rpc\\_wait() function in the aQuantia AQtion ethernet\n device driver which can result in denial of service or the execution\n of arbitrary code.\n* [CVE-2021-43976](https://security-tracker.debian.org/tracker/CVE-2021-43976)\nZekun Shen and Brendan Dolan-Gavitt discovered a flaw in the\n mwifiex\\_usb\\_recv() function of the Marvell WiFi-Ex USB Driver. An\n attacker able to connect a crafted USB device can take advantage of\n this flaw to cause a denial of service.\n* [CVE-2021-44733](https://security-tracker.debian.org/tracker/CVE-2021-44733)\nA race condition was discovered in the Trusted Execution\n Environment (TEE) subsystem for Arm processors, which could lead\n to a use-after-free. A local user permitted to access a TEE\n device could exploit this for denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n* [CVE-2021-45095](https://security-tracker.debian.org/tracker/CVE-2021-45095)\nIt was discovered that the Phone Network protocol (PhoNet) driver\n has a reference count leak in the pep\\_sock\\_accept() function.\n* [CVE-2021-45469](https://security-tracker.debian.org/tracker/CVE-2021-45469)\nWenqing Liu reported an out-of-bounds memory access in the f2fs\n implementation if an inode has an invalid last xattr entry. An\n attacker able to mount a specially crafted image can take advantage\n of this flaw for denial of service.\n* [CVE-2021-45480](https://security-tracker.debian.org/tracker/CVE-2021-45480)\nA memory leak flaw was discovered in the \\_\\_rds\\_conn\\_create()\n function in the RDS (Reliable Datagram Sockets) protocol subsystem.\n* [CVE-2022-0001](https://security-tracker.debian.org/tracker/CVE-2022-0001)\n(INTEL-SA-00598)\n\n\nResearchers at VUSec discovered that the Branch History Buffer in\n Intel processors can be exploited to create information side channels with speculative execution. This issue is similar to\n Spectre variant 2, but requires additional mitigations on some\n processors.\n\n\nThis can be exploited to obtain sensitive information from a\n different security context, such as from user-space to the kernel,\n or from a KVM guest to the kernel.\n* [CVE-2022-0002](https://security-tracker.debian.org/tracker/CVE-2022-0002)\n(INTEL-SA-00598)\n\n\nThis is a similar issue to [CVE-2022-0001](https://security-tracker.debian.org/tracker/CVE-2022-0001), but covers exploitation\n within a security context, such as from JIT-compiled code in a\n sandbox to hosting code in the same process.\n\n\nThis can be partly mitigated by disabling eBPF for unprivileged\n users with the sysctl: kernel.unprivileged\\_bpf\\_disabled=2. This\n update does that by default.\n* [CVE-2022-0322](https://security-tracker.debian.org/tracker/CVE-2022-0322)\nEiichi Tsukata discovered a flaw in the sctp\\_make\\_strreset\\_req()\n function in the SCTP network protocol implementation which can\n result in denial of service.\n* [CVE-2022-0330](https://security-tracker.debian.org/tracker/CVE-2022-0330)\nSushma Venkatesh Reddy discovered a missing GPU TLB flush in the\n i915 driver, resulting in denial of service or privilege escalation.\n* [CVE-2022-0435](https://security-tracker.debian.org/tracker/CVE-2022-0435)\nSamuel Page and Eric Dumazet reported a stack overflow in the\n networking module for the Transparent Inter-Process Communication\n (TIPC) protocol, resulting in denial of service or potentially the\n execution of arbitrary code.\n* [CVE-2022-0487](https://security-tracker.debian.org/tracker/CVE-2022-0487)\nA use-after-free was discovered in the MOXART SD/MMC Host Controller\n support driver. This flaw does not impact the Debian binary packages\n as CONFIG\\_MMC\\_MOXART is not set.\n* [CVE-2022-0492](https://security-tracker.debian.org/tracker/CVE-2022-0492)\nYiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does\n not properly restrict access to the release-agent feature. A local\n user can take advantage of this flaw for privilege escalation and\n bypass of namespace isolation.\n* [CVE-2022-0617](https://security-tracker.debian.org/tracker/CVE-2022-0617)\nbutt3rflyh4ck discovered a NULL pointer dereference in the UDF\n filesystem. A local user that can mount a specially crafted UDF\n image can use this flaw to crash the system.\n* [CVE-2022-22942](https://security-tracker.debian.org/tracker/CVE-2022-22942)\nIt was discovered that wrong file file descriptor handling in the\n VMware Virtual GPU driver (vmwgfx) could result in information leak\n or privilege escalation.\n* [CVE-2022-24448](https://security-tracker.debian.org/tracker/CVE-2022-24448)\nLyu Tao reported a flaw in the NFS implementation in the Linux\n kernel when handling requests to open a directory on a regular file,\n which could result in a information leak.\n* [CVE-2022-24959](https://security-tracker.debian.org/tracker/CVE-2022-24959)\nA memory leak was discovered in the yam\\_siocdevprivate() function of\n the YAM driver for AX.25, which could result in denial of service.\n* [CVE-2022-25258](https://security-tracker.debian.org/tracker/CVE-2022-25258)\nSzymon Heidrich reported the USB Gadget subsystem lacks certain\n validation of interface OS descriptor requests, resulting in memory\n corruption.\n* [CVE-2022-25375](https://security-tracker.debian.org/tracker/CVE-2022-25375)\nSzymon Heidrich reported that the RNDIS USB gadget lacks validation\n of the size of the RNDIS\\_MSG\\_SET command, resulting in information\n leak from kernel memory.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.232-1~deb9u1. This update additionally includes many more bug\nfixes from stable updates 4.19.209-4.19.232 inclusive.\n\n\nWe recommend that you upgrade your linux-4.19 packages.\n\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/linux-4.19>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-09T00:00:00", "type": "osv", "title": "linux-4.19 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28712", "CVE-2020-36322", "CVE-2021-39685", "CVE-2021-28715", "CVE-2021-4135", "CVE-2021-4002", "CVE-2021-45469", "CVE-2021-3772", "CVE-2021-4202", "CVE-2022-25375", "CVE-2022-0330", "CVE-2022-0487", "CVE-2021-43976", "CVE-2021-39713", "CVE-2022-0492", "CVE-2021-20317", "CVE-2021-43975", "CVE-2022-25258", "CVE-2021-4155", "CVE-2022-0322", "CVE-2021-22600", "CVE-2022-0001", "CVE-2021-45095", "CVE-2021-3640", "CVE-2021-38300", "CVE-2021-3760", "CVE-2022-0617", "CVE-2022-22942", "CVE-2021-3744", "CVE-2021-43389", "CVE-2021-42739", "CVE-2021-20322", "CVE-2021-39698", "CVE-2020-29374", "CVE-2022-24448", "CVE-2021-3764", "CVE-2021-3752", "CVE-2022-0435", "CVE-2021-28950", "CVE-2021-4203", "CVE-2021-39686", "CVE-2021-45480", "CVE-2021-44733", "CVE-2022-24959", "CVE-2021-28713", "CVE-2021-4083", "CVE-2021-20321", "CVE-2021-28714", "CVE-2021-41864", "CVE-2021-28711", "CVE-2022-0002"], "modified": "2022-08-29T21:22:14", "id": "OSV:DLA-2941-1", "href": "https://osv.dev/vulnerability/DLA-2941-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-29T21:13:59", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2020-29374](https://security-tracker.debian.org/tracker/CVE-2020-29374)\nJann Horn of Google reported a flaw in Linux's virtual memory\n management. A parent and child process initially share all their\n memory, but when either writes to a shared page, the page is\n duplicated and unshared (copy-on-write). However, in case an\n operation such as vmsplice() required the kernel to take an\n additional reference to a shared page, and a copy-on-write occurs\n during this operation, the kernel might have accessed the wrong\n process's memory. For some programs, this could lead to an\n information leak or data corruption.\n\n\nThis issue was already fixed for most architectures, but not on\n MIPS and System z. This update corrects that.\n* [CVE-2020-36322](https://security-tracker.debian.org/tracker/CVE-2020-36322),\n [CVE-2021-28950](https://security-tracker.debian.org/tracker/CVE-2021-28950)\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\n implementation did not correctly handle a FUSE server returning\n invalid attributes for a file. A local user permitted to run a\n FUSE server could use this to cause a denial of service (crash).\n\n\nThe original fix for this introduced a different potential denial\n of service (infinite loop in kernel space), which has also been\n fixed.\n* [CVE-2021-3640](https://security-tracker.debian.org/tracker/CVE-2021-3640)\nLin Ma discovered a race condiiton in the Bluetooth protocol\n implementation that can lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n* [CVE-2021-3744](https://security-tracker.debian.org/tracker/CVE-2021-3744),\n [CVE-2021-3764](https://security-tracker.debian.org/tracker/CVE-2021-3764)\nminihanshen reported bugs in the ccp driver for AMD\n Cryptographic Coprocessors that could lead to a resource leak.\n On systems using this driver, a local user could exploit this to\n cause a denial of service.\n* [CVE-2021-3752](https://security-tracker.debian.org/tracker/CVE-2021-3752)\nLikang Luo of NSFOCUS Security Team discovered a flaw in the\n Bluetooth L2CAP implementation that can lead to a user-after-free.\n A local user could exploit this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n* [CVE-2021-3760](https://security-tracker.debian.org/tracker/CVE-2021-3760),\n [CVE-2021-4202](https://security-tracker.debian.org/tracker/CVE-2021-4202)\nLin Ma discovered race conditions in the NCI (NFC Controller\n Interface) driver, which could lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\n\nThis driver is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-3772](https://security-tracker.debian.org/tracker/CVE-2021-3772)\nA flaw was found in the SCTP protocol implementation, which would\n allow a networked attacker to break an SCTP association. The\n attacker would only need to know or guess the IP addresses and\n ports for the association.\n* [CVE-2021-4002](https://security-tracker.debian.org/tracker/CVE-2021-4002)\nIt was discovered that hugetlbfs, the virtual filesystem used by\n applications to allocate huge pages in RAM, did not flush the\n CPU's TLB in one case where it was necessary. In some\n circumstances a local user would be able to read and write huge\n pages after they are freed and reallocated to a different process.\n This could lead to privilege escalation, denial of service or\n information leaks.\n* [CVE-2021-4083](https://security-tracker.debian.org/tracker/CVE-2021-4083)\nJann Horn reported a race condition in the local (Unix) sockets\n garbage collector, that can lead to use-after-free. A local user\n could exploit this to cause a denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n* [CVE-2021-4135](https://security-tracker.debian.org/tracker/CVE-2021-4135)\nA flaw was found in the netdevsim driver which would lead to an\n information leak.\n\n\nThis driver is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-4155](https://security-tracker.debian.org/tracker/CVE-2021-4155)\nKirill Tkhai discovered a data leak in the way the XFS\\_IOC\\_ALLOCSP\n IOCTL in the XFS filesystem allowed for a size increase of files\n with unaligned size. A local attacker can take advantage of this\n flaw to leak data on the XFS filesystem.\n* [CVE-2021-4203](https://security-tracker.debian.org/tracker/CVE-2021-4203)\nJann Horn reported a race condition in the local (Unix) sockets\n implementation that can lead to a use-after-free. A local user\n could exploit this to leak sensitive information from the kernel.\n* [CVE-2021-20317](https://security-tracker.debian.org/tracker/CVE-2021-20317)\nIt was discovered that the timer queue structure could become\n corrupt, leading to waiting tasks never being woken up. A local\n user with certain privileges could exploit this to cause a denial\n of service (system hang).\n* [CVE-2021-20321](https://security-tracker.debian.org/tracker/CVE-2021-20321)\nA race condition was discovered in the overlayfs filesystem\n driver. A local user with access to an overlayfs mount and to its\n underlying upper directory could exploit this for privilege\n escalation.\n* [CVE-2021-20322](https://security-tracker.debian.org/tracker/CVE-2021-20322)\nAn information leak was discovered in the IPv4 implementation. A\n remote attacker could exploit this to quickly discover which UDP\n ports a system is using, making it easier for them to carry out a\n DNS poisoning attack against that system.\n* [CVE-2021-22600](https://security-tracker.debian.org/tracker/CVE-2021-22600)\nThe syzbot tool found a flaw in the packet socket (AF\\_PACKET)\n implementation which could lead to incorrectly freeing memory. A\n local user with CAP\\_NET\\_RAW capability (in any user namespace)\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n* [CVE-2021-28711](https://security-tracker.debian.org/tracker/CVE-2021-28711),\n [CVE-2021-28712](https://security-tracker.debian.org/tracker/CVE-2021-28712),\n [CVE-2021-28713](https://security-tracker.debian.org/tracker/CVE-2021-28713) (XSA-391)\n\n Juergen Gross reported that malicious PV backends can cause a denial\n of service to guests being serviced by those backends via high\n frequency events, even if those backends are running in a less\n privileged environment.\n* [CVE-2021-28714](https://security-tracker.debian.org/tracker/CVE-2021-28714),\n [CVE-2021-28715](https://security-tracker.debian.org/tracker/CVE-2021-28715) (XSA-392)\n\n Juergen Gross discovered that Xen guests can force the Linux\n netback driver to hog large amounts of kernel memory, resulting in\n denial of service.\n* [CVE-2021-38300](https://security-tracker.debian.org/tracker/CVE-2021-38300)\nPiotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT\n compiler for MIPS architectures. A local user could exploit\n this to excute arbitrary code in the kernel.\n\n\nThis issue is mitigated by setting sysctl\n net.core.bpf\\_jit\\_enable=0, which is the default. It is \\*not\\*\n mitigated by disabling unprivileged use of eBPF.\n* [CVE-2021-39685](https://security-tracker.debian.org/tracker/CVE-2021-39685)\nSzymon Heidrich discovered a buffer overflow vulnerability in the\n USB gadget subsystem, resulting in information disclosure, denial of\n service or privilege escalation.\n* [CVE-2021-39686](https://security-tracker.debian.org/tracker/CVE-2021-39686)\nA race condition was discovered in the Android binder driver, that\n could lead to incorrect security checks. On systems where the\n binder driver is loaded, a local user could exploit this for\n privilege escalation.\n* [CVE-2021-39698](https://security-tracker.debian.org/tracker/CVE-2021-39698)\nLinus Torvalds reported a flaw in the file polling implementation,\n which could lead to a use-after-free. A local user could exploit\n this for denial of service (memory corruption or crash) or\n possibly for privilege escalation.\n* [CVE-2021-39713](https://security-tracker.debian.org/tracker/CVE-2021-39713)\nThe syzbot tool found a race condition in the network scheduling\n subsystem which could lead to a use-after-free. A local user\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n* [CVE-2021-41864](https://security-tracker.debian.org/tracker/CVE-2021-41864)\nAn integer overflow was discovered in the Extended BPF (eBPF)\n subsystem. A local user could exploit this for denial of service\n (memory corruption or crash), or possibly for privilege\n escalation.\n\n\nThis can be mitigated by setting sysctl\n kernel.unprivileged\\_bpf\\_disabled=1, which disables eBPF use by\n unprivileged users.\n* [CVE-2021-42739](https://security-tracker.debian.org/tracker/CVE-2021-42739)\nA heap buffer overflow was discovered in the firedtv driver for\n FireWire-connected DVB receivers. A local user with access to a\n firedtv device could exploit this for denial of service (memory\n corruption or crash), or possibly for privilege escalation.\n* [CVE-2021-43389](https://security-tracker.debian.org/tracker/CVE-2021-43389)\nThe Active Defense Lab of Venustech discovered a flaw in the CMTP\n subsystem as used by Bluetooth, which could lead to an\n out-of-bounds read and object type confusion. A local user with\n CAP\\_NET\\_ADMIN capability in the initial user namespace could\n exploit this for denial of service (memory corruption or crash),\n or possibly for privilege escalation.\n* [CVE-2021-43975](https://security-tracker.debian.org/tracker/CVE-2021-43975)\nBrendan Dolan-Gavitt reported a flaw in the\n hw\\_atl\\_utils\\_fw\\_rpc\\_wait() function in the aQuantia AQtion ethernet\n device driver which can result in denial of service or the execution\n of arbitrary code.\n* [CVE-2021-43976](https://security-tracker.debian.org/tracker/CVE-2021-43976)\nZekun Shen and Brendan Dolan-Gavitt discovered a flaw in the\n mwifiex\\_usb\\_recv() function of the Marvell WiFi-Ex USB Driver. An\n attacker able to connect a crafted USB device can take advantage of\n this flaw to cause a denial of service.\n* [CVE-2021-44733](https://security-tracker.debian.org/tracker/CVE-2021-44733)\nA race condition was discovered in the Trusted Execution\n Environment (TEE) subsystem for Arm processors, which could lead\n to a use-after-free. A local user permitted to access a TEE\n device could exploit this for denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n* [CVE-2021-45095](https://security-tracker.debian.org/tracker/CVE-2021-45095)\nIt was discovered that the Phone Network protocol (PhoNet) driver\n has a reference count leak in the pep\\_sock\\_accept() function.\n* [CVE-2021-45469](https://security-tracker.debian.org/tracker/CVE-2021-45469)\nWenqing Liu reported an out-of-bounds memory access in the f2fs\n implementation if an inode has an invalid last xattr entry. An\n attacker able to mount a specially crafted image can take advantage\n of this flaw for denial of service.\n* [CVE-2021-45480](https://security-tracker.debian.org/tracker/CVE-2021-45480)\nA memory leak flaw was discovered in the \\_\\_rds\\_conn\\_create()\n function in the RDS (Reliable Datagram Sockets) protocol subsystem.\n* [CVE-2022-0001](https://security-tracker.debian.org/tracker/CVE-2022-0001) (INTEL-SA-00598)\n\n Researchers at VUSec discovered that the Branch History Buffer in\n Intel processors can be exploited to create information side\n channels with speculative execution. This issue is similar to\n Spectre variant 2, but requires additional mitigations on some\n processors.\n\n\nThis can be exploited to obtain sensitive information from a\n different security context, such as from user-space to the kernel,\n or from a KVM guest to the kernel.\n* [CVE-2022-0002](https://security-tracker.debian.org/tracker/CVE-2022-0002) (INTEL-SA-00598)\n\n This is a similar issue to\n [\\\n CVE-2022-0001](https://security-tracker.debian.org/tracker/CVE-2022-0001), but covers exploitation\n within a security context, such as from JIT-compiled code in a\n sandbox to hosting code in the same process.\n\n\nThis can be partly mitigated by disabling eBPF for unprivileged\n users with the sysctl: kernel.unprivileged\\_bpf\\_disabled=2. This\n update does that by default.\n* [CVE-2022-0322](https://security-tracker.debian.org/tracker/CVE-2022-0322)\nEiichi Tsukata discovered a flaw in the sctp\\_make\\_strreset\\_req()\n function in the SCTP network protocol implementation which can\n result in denial of service.\n* [CVE-2022-0330](https://security-tracker.debian.org/tracker/CVE-2022-0330)\nSushma Venkatesh Reddy discovered a missing GPU TLB flush in the\n i915 driver, resulting in denial of service or privilege escalation.\n* [CVE-2022-0435](https://security-tracker.debian.org/tracker/CVE-2022-0435)\nSamuel Page and Eric Dumazet reported a stack overflow in the\n networking module for the Transparent Inter-Process Communication\n (TIPC) protocol, resulting in denial of service or potentially the\n execution of arbitrary code.\n* [CVE-2022-0487](https://security-tracker.debian.org/tracker/CVE-2022-0487)\nA use-after-free was discovered in the MOXART SD/MMC Host Controller\n support driver. This flaw does not impact the Debian binary packages\n as CONFIG\\_MMC\\_MOXART is not set.\n* [CVE-2022-0492](https://security-tracker.debian.org/tracker/CVE-2022-0492)\nYiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does\n not properly restrict access to the release-agent feature. A local\n user can take advantage of this flaw for privilege escalation and\n bypass of namespace isolation.\n* [CVE-2022-0617](https://security-tracker.debian.org/tracker/CVE-2022-0617)\nbutt3rflyh4ck discovered a NULL pointer dereference in the UDF\n filesystem. A local user that can mount a specially crafted UDF\n image can use this flaw to crash the system.\n* [CVE-2022-22942](https://security-tracker.debian.org/tracker/CVE-2022-22942)\nIt was discovered that wrong file file descriptor handling in the\n VMware Virtual GPU driver (vmwgfx) could result in information leak\n or privilege escalation.\n* [CVE-2022-24448](https://security-tracker.debian.org/tracker/CVE-2022-24448)\nLyu Tao reported a flaw in the NFS implementation in the Linux\n kernel when handling requests to open a directory on a regular file,\n which could result in a information leak.\n* [CVE-2022-24959](https://security-tracker.debian.org/tracker/CVE-2022-24959)\nA memory leak was discovered in the yam\\_siocdevprivate() function of\n the YAM driver for AX.25, which could result in denial of service.\n* [CVE-2022-25258](https://security-tracker.debian.org/tracker/CVE-2022-25258)\nSzymon Heidrich reported the USB Gadget subsystem lacks certain\n validation of interface OS descriptor requests, resulting in memory\n corruption.\n* [CVE-2022-25375](https://security-tracker.debian.org/tracker/CVE-2022-25375)\nSzymon Heidrich reported that the RNDIS USB gadget lacks validation\n of the size of the RNDIS\\_MSG\\_SET command, resulting in information\n leak from kernel memory.\n\n\nFor the oldstable distribution (buster), these problems have been\nfixed in version 4.19.232-1. This update additionally includes many\nmore bug fixes from stable updates 4.19.209-4.19.232 inclusive.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/linux](https://security-tracker.debian.org/tracker/linux)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-09T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28712", "CVE-2020-36322", "CVE-2021-39685", "CVE-2021-28715", "CVE-2021-4135", "CVE-2021-4002", "CVE-2021-45469", "CVE-2021-3772", "CVE-2021-4202", "CVE-2022-25375", "CVE-2022-0330", "CVE-2022-0487", "CVE-2021-43976", "CVE-2021-39713", "CVE-2022-0492", "CVE-2021-20317", "CVE-2021-43975", "CVE-2022-25258", "CVE-2021-4155", "CVE-2022-0322", "CVE-2021-22600", "CVE-2022-0001", "CVE-2021-45095", "CVE-2021-3640", "CVE-2021-38300", "CVE-2021-3760", "CVE-2022-0617", "CVE-2022-22942", "CVE-2021-3744", "CVE-2021-43389", "CVE-2021-42739", "CVE-2021-20322", "CVE-2021-39698", "CVE-2020-29374", "CVE-2022-24448", "CVE-2021-3764", "CVE-2021-3752", "CVE-2022-0435", "CVE-2021-28950", "CVE-2021-4203", "CVE-2021-39686", "CVE-2021-45480", "CVE-2021-44733", "CVE-2022-24959", "CVE-2021-28713", "CVE-2021-4083", "CVE-2021-20321", "CVE-2021-28714", "CVE-2021-41864", "CVE-2021-28711", "CVE-2022-0002"], "modified": "2022-08-29T21:13:57", "id": "OSV:DSA-5096-1", "href": "https://osv.dev/vulnerability/DSA-5096-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:14:30", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2021-3640](https://security-tracker.debian.org/tracker/CVE-2021-3640)\nLinMa of BlockSec Team discovered a race condition in the\n Bluetooth SCO implementation that can lead to a use-after-free. A\n local user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n* [CVE-2021-3752](https://security-tracker.debian.org/tracker/CVE-2021-3752)\nLikang Luo of NSFOCUS Security Team discovered a flaw in the\n Bluetooth L2CAP implementation that can lead to a user-after-free.\n A local user could exploit this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n* [CVE-2021-4002](https://security-tracker.debian.org/tracker/CVE-2021-4002)\nIt was discovered that hugetlbfs, the virtual filesystem used by\n applications to allocate huge pages in RAM, did not flush the\n CPU's TLB in one case where it was necessary. In some\n circumstances a local user would be able to read and write huge\n pages after they are freed and reallocated to a different process.\n This could lead to privilege escalation, denial of service or\n information leaks.\n* [CVE-2021-4083](https://security-tracker.debian.org/tracker/CVE-2021-4083)\nJann Horn reported a race condition in the local (Unix) sockets\n garbage collector, that can lead to use-after-free. A local user\n could exploit this to cause a denial of service (memory corruption\n or crash) or possibly for privilege escalation.\n* [CVE-2021-4155](https://security-tracker.debian.org/tracker/CVE-2021-4155)\nKirill Tkhai discovered a data leak in the way the XFS\\_IOC\\_ALLOCSP\n IOCTL in the XFS filesystem allowed for a size increase of files\n with unaligned size. A local attacker can take advantage of this\n flaw to leak data on the XFS filesystem.\n* [CVE-2021-4202](https://security-tracker.debian.org/tracker/CVE-2021-4202)\nLin Ma discovered a race condition in the NCI (NFC Controller\n Interface) driver, which could lead to a use-after-free. A local\n user could exploit this to cause a denial of service (memory\n corruption or crash) or possibly for privilege escalation.\n\n\nThis protocol is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-28711](https://security-tracker.debian.org/tracker/CVE-2021-28711)\n, [CVE-2021-28712](https://security-tracker.debian.org/tracker/CVE-2021-28712), [CVE-2021-28713](https://security-tracker.debian.org/tracker/CVE-2021-28713) (XSA-391)\n\n\nJuergen Gross reported that malicious PV backends can cause a denial\n of service to guests being serviced by those backends via high\n frequency events, even if those backends are running in a less\n privileged environment.\n* [CVE-2021-28714](https://security-tracker.debian.org/tracker/CVE-2021-28714)\n, [CVE-2021-28715](https://security-tracker.debian.org/tracker/CVE-2021-28715) (XSA-392)\n\n\nJuergen Gross discovered that Xen guests can force the Linux\n netback driver to hog large amounts of kernel memory, resulting in\n denial of service.\n* [CVE-2021-29264](https://security-tracker.debian.org/tracker/CVE-2021-29264)\nIt was discovered that the gianfar Ethernet driver used with\n some Freescale SoCs did not correctly handle a Rx queue overrun\n when jumbo packets were enabled. On systems using this driver and\n jumbo packets, an attacker on the network could exploit this to\n cause a denial of service (crash).\n\n\nThis driver is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-33033](https://security-tracker.debian.org/tracker/CVE-2021-33033)\nThe syzbot tool found a reference counting bug in the CIPSO\n implementation that can lead to a use-after-free.\n\n\nThis protocol is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-39685](https://security-tracker.debian.org/tracker/CVE-2021-39685)\nSzymon Heidrich discovered a buffer overflow vulnerability in the\n USB gadget subsystem, resulting in information disclosure, denial of\n service or privilege escalation.\n* [CVE-2021-39686](https://security-tracker.debian.org/tracker/CVE-2021-39686)\nA race condition was discovered in the Android binder driver, that\n could lead to incorrect security checks. On systems where the\n binder driver is loaded, a local user could exploit this for\n privilege escalation.\n\n\nThis driver is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-39698](https://security-tracker.debian.org/tracker/CVE-2021-39698)\nLinus Torvalds reported a flaw in the file polling implementation,\n which could lead to a use-after-free. A local user could exploit\n this for denial of service (memory corruption or crash) or\n possibly for privilege escalation.\n* [CVE-2021-39714](https://security-tracker.debian.org/tracker/CVE-2021-39714)\nA potential reference count overflow was found in the Android Ion\n driver. On systems where the Ion driver is loaded, a local user\n could exploit this for denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\n\nThis driver is not enabled in Debian's official kernel\n configurations.\n* [CVE-2021-43976](https://security-tracker.debian.org/tracker/CVE-2021-43976)\nZekun Shen and Brendan Dolan-Gavitt discovered a flaw in the\n mwifiex\\_usb\\_recv() function of the Marvell WiFi-Ex USB Driver. An\n attacker able to connect a crafted USB device can take advantage of\n this flaw to cause a denial of service.\n* [CVE-2021-45095](https://security-tracker.debian.org/tracker/CVE-2021-45095)\nIt was discovered that the Phone Network protocol (PhoNet) driver\n has a reference count leak in the pep\\_sock\\_accept() function.\n* [CVE-2022-0001](https://security-tracker.debian.org/tracker/CVE-2022-0001)\n(INTEL-SA-00598)\n\n\nResearchers at VUSec discovered that the Branch History Buffer in\n Intel processors can be exploited to create information side channels with speculative execution. This issue is similar to\n Spectre variant 2, but requires additional mitigations on some\n processors.\n\n\nThis can be exploited to obtain sensitive information from a\n different security context, such as from user-space to the kernel,\n or from a KVM guest to the kernel.\n* [CVE-2022-0002](https://security-tracker.debian.org/tracker/CVE-2022-0002)\n(INTEL-SA-00598)\n\n\nThis is a similar issue to [CVE-2022-0001](https://security-tracker.debian.org/tracker/CVE-2022-0001), but covers exploitation\n within a security context, such as from JIT-compiled code in a\n sandbox to hosting code in the same process.\n\n\nThis can be partly mitigated by disabling eBPF for unprivileged\n users with the sysctl: kernel.unprivileged\\_bpf\\_disabled=2. This\n update does that by default.\n* [CVE-2022-0330](https://security-tracker.debian.org/tracker/CVE-2022-0330)\nSushma Venkatesh Reddy discovered a missing GPU TLB flush in the\n i915 driver, resulting in denial of service or privilege escalation.\n* [CVE-2022-0435](https://security-tracker.debian.org/tracker/CVE-2022-0435)\nSamuel Page and Eric Dumazet reported a stack overflow in the\n networking module for the Transparent Inter-Process Communication\n (TIPC) protocol, resulting in denial of service or potentially the\n execution of arbitrary code.\n* [CVE-2022-0487](https://security-tracker.debian.org/tracker/CVE-2022-0487)\nA use-after-free was discovered in the MOXART SD/MMC Host Controller\n support driver. This flaw does not impact the Debian binary packages\n as CONFIG\\_MMC\\_MOXART is not set.\n* [CVE-2022-0492](https://security-tracker.debian.org/tracker/CVE-2022-0492)\nYiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does\n not properly restrict access to the release-agent feature. A local\n user can take advantage of this flaw for privilege escalation and\n bypass of namespace isolation.\n* [CVE-2022-0617](https://security-tracker.debian.org/tracker/CVE-2022-0617)\nbutt3rflyh4ck discovered a NULL pointer dereference in the UDF\n filesystem. A local user that can mount a specially crafted UDF\n image can use this flaw to crash the system.\n* [CVE-2022-24448](https://security-tracker.debian.org/tracker/CVE-2022-24448)\nLyu Tao reported a flaw in the NFS implementation in the Linux\n kernel when handling requests to open a directory on a regular file,\n which could result in a information leak.\n* [CVE-2022-25258](https://security-tracker.debian.org/tracker/CVE-2022-25258)\nSzymon Heidrich reported the USB Gadget subsystem lacks certain\n validation of interface OS descriptor requests, resulting in memory\n corruption.\n* [CVE-2022-25375](https://security-tracker.debian.org/tracker/CVE-2022-25375)\nSzymon Heidrich reported that the RNDIS USB gadget lacks validation\n of the size of the RNDIS\\_MSG\\_SET command, resulting in information\n leak from kernel memory.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.303-1. This update additionally includes many more bug fixes from\nstable updates 4.9.291-4.9.303 inclusive.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/linux>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-09T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28712", "CVE-2021-39685", "CVE-2021-28715", "CVE-2021-4002", "CVE-2021-4202", "CVE-2022-25375", "CVE-2022-0330", "CVE-2022-0487", "CVE-2021-43976", "CVE-2022-0492", "CVE-2022-25258", "CVE-2021-4155", "CVE-2021-29264", "CVE-2021-33033", "CVE-2022-0001", "CVE-2021-45095", "CVE-2021-3640", "CVE-2022-0617", "CVE-2021-39698", "CVE-2022-24448", "CVE-2021-3752", "CVE-2022-0435", "CVE-2021-39686", "CVE-2021-28713", "CVE-2021-4083", "CVE-2021-28714", "CVE-2021-28711", "CVE-2022-0002", "CVE-2021-39714"], "modified": "2022-07-21T05:54:05", "id": "OSV:DLA-2940-1", "href": "https://osv.dev/vulnerability/DLA-2940-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-28T06:37:19", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2021-4155](https://security-tracker.debian.org/tracker/CVE-2021-4155)\nKirill Tkhai discovered a data leak in the way the XFS\\_IOC\\_ALLOCSP\n IOCTL in the XFS filesystem allowed for a size increase of files\n with unaligned size. A local attacker can take advantage of this\n flaw to leak data on the XFS filesystem.\n* [CVE-2021-28711](https://security-tracker.debian.org/tracker/CVE-2021-28711), [CVE-2021-28712](https://security-tracker.debian.org/tracker/CVE-2021-28712), [CVE-2021-28713](https://security-tracker.debian.org/tracker/CVE-2021-28713) (XSA-391)\n\n Juergen Gross reported that malicious PV backends can cause a denial\n of service to guests being serviced by those backends via high\n frequency events, even if those backends are running in a less\n privileged environment.\n* [CVE-2021-28714](https://security-tracker.debian.org/tracker/CVE-2021-28714), [CVE-2021-28715](https://security-tracker.debian.org/tracker/CVE-2021-28715) (XSA-392)\n\n Juergen Gross discovered that Xen guests can force the Linux\n netback driver to hog large amounts of kernel memory, resulting in\n denial of service.\n* [CVE-2021-39685](https://security-tracker.debian.org/tracker/CVE-2021-39685)\nSzymon Heidrich discovered a buffer overflow vulnerability in the\n USB gadget subsystem, resulting in information disclosure, denial of\n service or privilege escalation.\n* [CVE-2021-45095](https://security-tracker.debian.org/tracker/CVE-2021-45095)\nIt was discovered that the Phone Network protocol (PhoNet) driver\n has a reference count leak in the pep\\_sock\\_accept() function.\n* [CVE-2021-45469](https://security-tracker.debian.org/tracker/CVE-2021-45469)\nWenqing Liu reported an out-of-bounds memory access in the f2fs\n implementation if an inode has an invalid last xattr entry. An\n attacker able to mount a specially crafted image can take advantage\n of this flaw for denial of service.\n* [CVE-2021-45480](https://security-tracker.debian.org/tracker/CVE-2021-45480)\nA memory leak flaw was discovered in the \\_\\_rds\\_conn\\_create()\n function in the RDS (Reliable Datagram Sockets) protocol subsystem.\n* [CVE-2022-0185](https://security-tracker.debian.org/tracker/CVE-2022-0185)\nWilliam Liu, Jamie Hill-Daniel, Isaac Badipe, Alec Petridis, Hrvoje\n Misetic and Philip Papurt discovered a heap-based buffer overflow\n flaw in the legacy\\_parse\\_param function in the Filesystem Context\n functionality, allowing an local user (with CAP\\_SYS\\_ADMIN capability\n in the current namespace) to escalate privileges.\n* [CVE-2022-23222](https://security-tracker.debian.org/tracker/CVE-2022-23222)\ntr3e discovered that the BPF verifier does not properly restrict\n several \\*\\_OR\\_NULL pointer types allowing these types to do pointer\n arithmetic. A local user with the ability to call bpf(), can take\n advantage of this flaw to excalate privileges. Unprivileged calls to\n bpf() are disabled by default in Debian, mitigating this flaw.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5.10.92-1. This version includes changes which were aimed to\nland in the next Debian bullseye point release.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/linux>\n\n\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0185", "CVE-2022-23222"], "modified": "2023-06-28T06:36:23", "id": "OSV:DSA-5050-1", "href": "https://osv.dev/vulnerability/DSA-5050-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:20:53", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2021-43976](https://security-tracker.debian.org/tracker/CVE-2021-43976)\nZekun Shen and Brendan Dolan-Gavitt discovered a flaw in the\n mwifiex\\_usb\\_recv() function of the Marvell WiFi-Ex USB Driver. An\n attacker able to connect a crafted USB device can take advantage of\n this flaw to cause a denial of service.\n* [CVE-2022-0330](https://security-tracker.debian.org/tracker/CVE-2022-0330)\nSushma Venkatesh Reddy discovered a missing GPU TLB flush in the\n i915 driver, resulting in denial of service or privilege escalation.\n* [CVE-2022-0435](https://security-tracker.debian.org/tracker/CVE-2022-0435)\nSamuel Page and Eric Dumazet reported a stack overflow in the\n networking module for the Transparent Inter-Process Communication\n (TIPC) protocol, resulting in denial of service or potentially the\n execution of arbitrary code.\n* [CVE-2022-0516](https://security-tracker.debian.org/tracker/CVE-2022-0516)\nIt was discovered that an insufficient check in the KVM subsystem\n for s390x could allow unauthorized memory read or write access.\n* [CVE-2022-0847](https://security-tracker.debian.org/tracker/CVE-2022-0847)\nMax Kellermann discovered a flaw in the handling of pipe buffer\n flags. An attacker can take advantage of this flaw for local\n privilege escalation.\n* [CVE-2022-22942](https://security-tracker.debian.org/tracker/CVE-2022-22942)\nIt was discovered that wrong file descriptor handling in the\n VMware Virtual GPU driver (vmwgfx) could result in information leak\n or privilege escalation.\n* [CVE-2022-24448](https://security-tracker.debian.org/tracker/CVE-2022-24448)\nLyu Tao reported a flaw in the NFS implementation in the Linux\n kernel when handling requests to open a directory on a regular file,\n which could result in a information leak.\n* [CVE-2022-24959](https://security-tracker.debian.org/tracker/CVE-2022-24959)\nA memory leak was discovered in the yam\\_siocdevprivate() function of\n the YAM driver for AX.25, which could result in denial of service.\n* [CVE-2022-25258](https://security-tracker.debian.org/tracker/CVE-2022-25258)\nSzymon Heidrich reported the USB Gadget subsystem lacks certain\n validation of interface OS descriptor requests, resulting in memory\n corruption.\n* [CVE-2022-25375](https://security-tracker.debian.org/tracker/CVE-2022-25375)\nSzymon Heidrich reported that the RNDIS USB gadget lacks validation\n of the size of the RNDIS\\_MSG\\_SET command, resulting in information\n leak from kernel memory.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5.10.92-2.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/linux](https://security-tracker.debian.org/tracker/linux)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-07T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25375", "CVE-2022-0330", "CVE-2021-43976", "CVE-2022-25258", "CVE-2022-22942", "CVE-2022-0847", "CVE-2022-24448", "CVE-2022-0516", "CVE-2022-0435", "CVE-2022-24959"], "modified": "2022-08-10T07:20:49", "id": "OSV:DSA-5092-1", "href": "https://osv.dev/vulnerability/DSA-5092-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:20:53", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2020-36310](https://security-tracker.debian.org/tracker/CVE-2020-36310)\nA flaw was discovered in the KVM implementation for AMD processors,\n which could lead to an infinite loop. A malicious VM guest could\n exploit this to cause a denial of service.\n* [CVE-2022-0001](https://security-tracker.debian.org/tracker/CVE-2022-0001) (INTEL-SA-00598)\n\n Researchers at VUSec discovered that the Branch History Buffer in\n Intel processors can be exploited to create information side channels with speculative execution. This issue is similar to\n Spectre variant 2, but requires additional mitigations on some\n processors.\n\n\nThis can be exploited to obtain sensitive information from a\n different security context, such as from user-space to the kernel,\n or from a KVM guest to the kernel.\n* [CVE-2022-0002](https://security-tracker.debian.org/tracker/CVE-2022-0002) (INTEL-SA-00598)\n\n This is a similar issue to [CVE-2022-0001](https://security-tracker.debian.org/tracker/CVE-2022-0001), but covers exploitation\n within a security context, such as from JIT-compiled code in a\n sandbox to hosting code in the same process.\n\n\nThis is partly mitigated by disabling eBPF for unprivileged users\n with the sysctl: kernel.unprivileged\\_bpf\\_disabled=2. This is\n already the default in Debian 11 bullseye.\n* [CVE-2022-0487](https://security-tracker.debian.org/tracker/CVE-2022-0487)\nA use-after-free was discovered in the MOXART SD/MMC Host Controller\n support driver. This flaw does not impact the Debian binary packages\n as CONFIG\\_MMC\\_MOXART is not set.\n* [CVE-2022-0492](https://security-tracker.debian.org/tracker/CVE-2022-0492)\nYiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does\n not properly restrict access to the release-agent feature. A local\n user can take advantage of this flaw for privilege escalation and\n bypass of namespace isolation.\n* [CVE-2022-0617](https://security-tracker.debian.org/tracker/CVE-2022-0617)\nbutt3rflyh4ck discovered a NULL pointer dereference in the UDF\n filesystem. A local user that can mount a specially crafted UDF\n image can use this flaw to crash the system.\n* [CVE-2022-25636](https://security-tracker.debian.org/tracker/CVE-2022-25636)\nNick Gregory reported a heap out-of-bounds write flaw in the\n netfilter subsystem. A user with the CAP\\_NET\\_ADMIN capability could\n use this for denial of service or possibly for privilege escalation.\n\n\nFor the stable distribution (bullseye), these problems have been fixed\nin version 5.10.103-1. This update additionally includes many more\nbug fixes from stable updates 5.10.93-5.10.103 inclusive.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/linux](https://security-tracker.debian.org/tracker/linux)\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-09T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0487", "CVE-2022-0492", "CVE-2020-36310", "CVE-2022-0001", "CVE-2022-0617", "CVE-2022-25636", "CVE-2022-0002"], "modified": "2022-08-10T07:20:49", "id": "OSV:DSA-5095-1", "href": "https://osv.dev/vulnerability/DSA-5095-1", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-12-03T18:42:44", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-4.15 \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-dell300x \\- Linux kernel for Dell 300x platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-4.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nIt was discovered that the Packet network protocol implementation in the \nLinux kernel contained a double-free vulnerability. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-22600)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen subsystem within the Linux kernel did \nnot adequately limit the number of events driver domains (unprivileged PV \nbackends) could send to other guest VMs. An attacker in a driver domain \ncould use this to cause a denial of service in other guest VMs. \n(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen network backend driver in the Linux \nkernel did not adequately limit the amount of queued packets when a guest \ndid not process them. An attacker in a guest VM can use this to cause a \ndenial of service (excessive kernel memory consumption) in the network \nbackend domain. (CVE-2021-28714, CVE-2021-28715)\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux \nkernel did not properly restrict the size of control requests for certain \ngadget types, leading to possible out of bounds reads or writes. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39685)\n\nJann Horn discovered a race condition in the Unix domain socket \nimplementation in the Linux kernel that could result in a read-after-free. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-4083)\n\nKirill Tkhai discovered that the XFS file system implementation in the \nLinux kernel did not calculate size correctly when pre-allocating space in \nsome situations. A local attacker could use this to expose sensitive \ninformation. (CVE-2021-4155)\n\nLin Ma discovered that the NFC Controller Interface (NCI) implementation in \nthe Linux kernel contained a race condition, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2021-4202)\n\nSushma Venkatesh Reddy discovered that the Intel i915 graphics driver in \nthe Linux kernel did not perform a GPU TLB flush in some situations. A \nlocal attacker could use this to cause a denial of service or possibly \nexecute arbitrary code. (CVE-2022-0330)\n\nIt was discovered that the VMware Virtual GPU driver in the Linux kernel \ndid not properly handle certain failure conditions, leading to a stale \nentry in the file descriptor table. A local attacker could use this to \nexpose sensitive information or possibly gain administrative privileges. \n(CVE-2022-22942)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-02-22T00:00:00", "id": "USN-5298-1", "href": "https://ubuntu.com/security/notices/USN-5298-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:40:10", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-bluefield \\- Linux kernel for NVIDIA BlueField platforms\n\nIt was discovered that the network traffic control implementation in the \nLinux kernel contained a use-after-free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2022-1055)\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the \nLinux kernel did not properly restrict access to the cgroups v1 \nrelease_agent feature. A local attacker could use this to gain \nadministrative privileges. (CVE-2022-0492)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen subsystem within the Linux kernel did \nnot adequately limit the number of events driver domains (unprivileged PV \nbackends) could send to other guest VMs. An attacker in a driver domain \ncould use this to cause a denial of service in other guest VMs. \n(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen network backend driver in the Linux \nkernel did not adequately limit the amount of queued packets when a guest \ndid not process them. An attacker in a guest VM can use this to cause a \ndenial of service (excessive kernel memory consumption) in the network \nbackend domain. (CVE-2021-28714, CVE-2021-28715)\n\nIt was discovered that the simulated networking device driver for the Linux \nkernel did not properly initialize memory in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-4135)\n\nBrendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver \nin the Linux kernel did not properly handle some error conditions. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2021-43976)\n\nIt was discovered that the ARM Trusted Execution Environment (TEE) \nsubsystem in the Linux kernel contained a race condition leading to a use- \nafter-free vulnerability. A local attacker could use this to cause a denial \nof service or possibly execute arbitrary code. (CVE-2021-44733)\n\nIt was discovered that the Phone Network protocol (PhoNet) implementation \nin the Linux kernel did not properly perform reference counting in some \nerror conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45095)\n\nWenqing Liu discovered that the f2fs file system in the Linux kernel did \nnot properly validate the last xattr entry in an inode. An attacker could \nuse this to construct a malicious f2fs image that, when mounted and \noperated on, could cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2021-45469)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel did not properly deallocate memory in \nsome error conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45480)\n\nSamuel Page discovered that the Transparent Inter-Process Communication \n(TIPC) protocol implementation in the Linux kernel contained a stack-based \nbuffer overflow. A remote attacker could use this to cause a denial of \nservice (system crash) for systems that have a TIPC bearer configured. \n(CVE-2022-0435)\n\nIt was discovered that the IPsec implementation in the Linux kernel did not \nproperly allocate enough memory when performing ESP transformations, \nleading to a heap-based buffer overflow. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2022-27666)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-13T00:00:00", "type": "ubuntu", "title": "Linux kernel (BlueField) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-4135", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-1055", "CVE-2022-27666"], "modified": "2022-04-13T00:00:00", "id": "USN-5377-1", "href": "https://ubuntu.com/security/notices/USN-5377-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:41:18", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-azure-fde \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gke-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-ibm-5.4 \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi systems\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the \nLinux kernel did not properly restrict access to the cgroups v1 \nrelease_agent feature. A local attacker could use this to gain \nadministrative privileges. (CVE-2022-0492)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen subsystem within the Linux kernel did \nnot adequately limit the number of events driver domains (unprivileged PV \nbackends) could send to other guest VMs. An attacker in a driver domain \ncould use this to cause a denial of service in other guest VMs. \n(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen network backend driver in the Linux \nkernel did not adequately limit the amount of queued packets when a guest \ndid not process them. An attacker in a guest VM can use this to cause a \ndenial of service (excessive kernel memory consumption) in the network \nbackend domain. (CVE-2021-28714, CVE-2021-28715)\n\nIt was discovered that the simulated networking device driver for the Linux \nkernel did not properly initialize memory in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-4135)\n\nBrendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver \nin the Linux kernel did not properly handle some error conditions. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2021-43976)\n\nIt was discovered that the ARM Trusted Execution Environment (TEE) \nsubsystem in the Linux kernel contained a race condition leading to a use- \nafter-free vulnerability. A local attacker could use this to cause a denial \nof service or possibly execute arbitrary code. (CVE-2021-44733)\n\nIt was discovered that the Phone Network protocol (PhoNet) implementation \nin the Linux kernel did not properly perform reference counting in some \nerror conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45095)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel did not properly deallocate memory in \nsome error conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45480)\n\nSamuel Page discovered that the Transparent Inter-Process Communication \n(TIPC) protocol implementation in the Linux kernel contained a stack-based \nbuffer overflow. A remote attacker could use this to cause a denial of \nservice (system crash) for systems that have a TIPC bearer configured. \n(CVE-2022-0435)\n\nIt was discovered that the KVM implementation for s390 systems in the Linux \nkernel did not properly prevent memory operations on PVM guests that were \nin non-protected mode. A local attacker could use this to obtain \nunauthorized memory write access. (CVE-2022-0516)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-4135", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45480", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516"], "modified": "2022-03-22T00:00:00", "id": "USN-5338-1", "href": "https://ubuntu.com/security/notices/USN-5338-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:43:03", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n\nIt was discovered that the Packet network protocol implementation in the \nLinux kernel contained a double-free vulnerability. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-22600)\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux \nkernel did not properly restrict the size of control requests for certain \ngadget types, leading to possible out of bounds reads or writes. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39685)\n\nJann Horn discovered a race condition in the Unix domain socket \nimplementation in the Linux kernel that could result in a read-after-free. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-4083)\n\nKirill Tkhai discovered that the XFS file system implementation in the \nLinux kernel did not calculate size correctly when pre-allocating space in \nsome situations. A local attacker could use this to expose sensitive \ninformation. (CVE-2021-4155)\n\nLin Ma discovered that the NFC Controller Interface (NCI) implementation in \nthe Linux kernel contained a race condition, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2021-4202)\n\nBrendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device \ndriver in the Linux kernel did not properly validate meta-data coming from \nthe device. A local attacker who can control an emulated device can use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-43975)\n\nSushma Venkatesh Reddy discovered that the Intel i915 graphics driver in \nthe Linux kernel did not perform a GPU TLB flush in some situations. A \nlocal attacker could use this to cause a denial of service or possibly \nexecute arbitrary code. (CVE-2022-0330)\n\nIt was discovered that the VMware Virtual GPU driver in the Linux kernel \ndid not properly handle certain failure conditions, leading to a stale \nentry in the file descriptor table. A local attacker could use this to \nexpose sensitive information or possibly gain administrative privileges. \n(CVE-2022-22942)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22600", "CVE-2021-39685", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2021-43975", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-02-18T00:00:00", "id": "USN-5294-1", "href": "https://ubuntu.com/security/notices/USN-5294-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:42:40", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-azure-fde \\- Linux kernel for Microsoft Azure cloud systems\n * linux-bluefield \\- Linux kernel for NVIDIA BlueField platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gkeop \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-ibm-5.4 \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi systems\n\nIt was discovered that the Packet network protocol implementation in the \nLinux kernel contained a double-free vulnerability. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-22600)\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux \nkernel did not properly restrict the size of control requests for certain \ngadget types, leading to possible out of bounds reads or writes. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39685)\n\nJann Horn discovered a race condition in the Unix domain socket \nimplementation in the Linux kernel that could result in a read-after-free. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-4083)\n\nKirill Tkhai discovered that the XFS file system implementation in the \nLinux kernel did not calculate size correctly when pre-allocating space in \nsome situations. A local attacker could use this to expose sensitive \ninformation. (CVE-2021-4155)\n\nLin Ma discovered that the NFC Controller Interface (NCI) implementation in \nthe Linux kernel contained a race condition, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2021-4202)\n\nBrendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device \ndriver in the Linux kernel did not properly validate meta-data coming from \nthe device. A local attacker who can control an emulated device can use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-43975)\n\nSushma Venkatesh Reddy discovered that the Intel i915 graphics driver in \nthe Linux kernel did not perform a GPU TLB flush in some situations. A \nlocal attacker could use this to cause a denial of service or possibly \nexecute arbitrary code. (CVE-2022-0330)\n\nIt was discovered that the VMware Virtual GPU driver in the Linux kernel \ndid not properly handle certain failure conditions, leading to a stale \nentry in the file descriptor table. A local attacker could use this to \nexpose sensitive information or possibly gain administrative privileges. \n(CVE-2022-22942)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22600", "CVE-2021-39685", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2021-43975", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-02-22T00:00:00", "id": "USN-5294-2", "href": "https://ubuntu.com/security/notices/USN-5294-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:42:42", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gke-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux \nkernel did not properly restrict the size of control requests for certain \ngadget types, leading to possible out of bounds reads or writes. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39685)\n\nJann Horn discovered a race condition in the Unix domain socket \nimplementation in the Linux kernel that could result in a read-after-free. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-4083)\n\nKirill Tkhai discovered that the XFS file system implementation in the \nLinux kernel did not calculate size correctly when pre-allocating space in \nsome situations. A local attacker could use this to expose sensitive \ninformation. (CVE-2021-4155)\n\nLin Ma discovered that the NFC Controller Interface (NCI) implementation in \nthe Linux kernel contained a race condition, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2021-4202)\n\nBrendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device \ndriver in the Linux kernel did not properly validate meta-data coming from \nthe device. A local attacker who can control an emulated device can use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-43975)\n\nSushma Venkatesh Reddy discovered that the Intel i915 graphics driver in \nthe Linux kernel did not perform a GPU TLB flush in some situations. A \nlocal attacker could use this to cause a denial of service or possibly \nexecute arbitrary code. (CVE-2022-0330)\n\nIt was discovered that the VMware Virtual GPU driver in the Linux kernel \ndid not properly handle certain failure conditions, leading to a stale \nentry in the file descriptor table. A local attacker could use this to \nexpose sensitive information or possibly gain administrative privileges. \n(CVE-2022-22942)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "ubuntu", "title": "Linux kernel (GKE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39685", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2021-43975", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-02-22T00:00:00", "id": "USN-5297-1", "href": "https://ubuntu.com/security/notices/USN-5297-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:46:13", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-4.15 \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-dell300x \\- Linux kernel for Dell 300x platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-4.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that a race condition existed in the timer implementation \nin the Linux kernel. A privileged attacker could use this cause a denial of \nservice. (CVE-2021-20317)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20317", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43389"], "modified": "2022-01-06T00:00:00", "id": "USN-5209-1", "href": "https://ubuntu.com/security/notices/USN-5209-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:41:23", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.13 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.13 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe-5.13 \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n\nIt was discovered that the BPF verifier in the Linux kernel did not \nproperly restrict pointer types in certain situations. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2022-23222)\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the \nLinux kernel did not properly restrict access to the cgroups v1 \nrelease_agent feature. A local attacker could use this to gain \nadministrative privileges. (CVE-2022-0492)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen subsystem within the Linux kernel did \nnot adequately limit the number of events driver domains (unprivileged PV \nbackends) could send to other guest VMs. An attacker in a driver domain \ncould use this to cause a denial of service in other guest VMs. \n(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen network backend driver in the Linux \nkernel did not adequately limit the amount of queued packets when a guest \ndid not process them. An attacker in a guest VM can use this to cause a \ndenial of service (excessive kernel memory consumption) in the network \nbackend domain. (CVE-2021-28714, CVE-2021-28715)\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux \nkernel did not properly restrict the size of control requests for certain \ngadget types, leading to possible out of bounds reads or writes. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39685)\n\nIt was discovered that a race condition existed in the poll implementation \nin the Linux kernel, resulting in a use-after-free vulnerability. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39698)\n\nIt was discovered that the simulated networking device driver for the Linux \nkernel did not properly initialize memory in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-4135)\n\nEric Biederman discovered that the cgroup process migration implementation \nin the Linux kernel did not perform permission checks correctly in some \nsituations. A local attacker could possibly use this to gain administrative \nprivileges. (CVE-2021-4197)\n\nBrendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device \ndriver in the Linux kernel did not properly validate meta-data coming from \nthe device. A local attacker who can control an emulated device can use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-43975)\n\nIt was discovered that the ARM Trusted Execution Environment (TEE) \nsubsystem in the Linux kernel contained a race condition leading to a use- \nafter-free vulnerability. A local attacker could use this to cause a denial \nof service or possibly execute arbitrary code. (CVE-2021-44733)\n\nIt was discovered that the Phone Network protocol (PhoNet) implementation \nin the Linux kernel did not properly perform reference counting in some \nerror conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45095)\n\nIt was discovered that the eBPF verifier in the Linux kernel did not \nproperly perform bounds checking on mov32 operations. A local attacker \ncould use this to expose sensitive information (kernel pointer addresses). \n(CVE-2021-45402)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel did not properly deallocate memory in \nsome error conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45480)\n\nIt was discovered that the BPF subsystem in the Linux kernel did not \nproperly track pointer types on atomic fetch operations in some situations. \nA local attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2022-0264)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly initialize memory in some situations. A local attacker \ncould use this to expose sensitive information (kernel memory). \n(CVE-2022-0382)\n\nSamuel Page discovered that the Transparent Inter-Process Communication \n(TIPC) protocol implementation in the Linux kernel contained a stack-based \nbuffer overflow. A remote attacker could use this to cause a denial of \nservice (system crash) for systems that have a TIPC bearer configured. \n(CVE-2022-0435)\n\nIt was discovered that the KVM implementation for s390 systems in the Linux \nkernel did not properly prevent memory operations on PVM guests that were \nin non-protected mode. A local attacker could use this to obtain \nunauthorized memory write access. (CVE-2022-0516)\n\nIt was discovered that the ICMPv6 implementation in the Linux kernel did \nnot properly deallocate memory in certain situations. A remote attacker \ncould possibly use this to cause a denial of service (memory exhaustion). \n(CVE-2022-0742)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-39698", "CVE-2021-4135", "CVE-2021-4197", "CVE-2021-43975", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45402", "CVE-2021-45480", "CVE-2022-0264", "CVE-2022-0382", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516", "CVE-2022-0742", "CVE-2022-23222"], "modified": "2022-03-22T00:00:00", "id": "USN-5337-1", "href": "https://ubuntu.com/security/notices/USN-5337-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:43:31", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.14 \\- Linux kernel for OEM systems\n\nIt was discovered that the rlimit tracking for user namespaces in the Linux \nkernel did not properly perform reference counting, leading to a use-after- \nfree vulnerability. A local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2022-24122)\n\nIt was discovered that the BPF verifier in the Linux kernel did not \nproperly restrict pointer types in certain situations. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2022-23222)\n\nJeremy Cline discovered a use-after-free in the nouveau graphics driver of \nthe Linux kernel during device removal. A privileged or physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2020-27820)\n\nIt was discovered that the Packet network protocol implementation in the \nLinux kernel contained a double-free vulnerability. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-22600)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen subsystem within the Linux kernel did \nnot adequately limit the number of events driver domains (unprivileged PV \nbackends) could send to other guest VMs. An attacker in a driver domain \ncould use this to cause a denial of service in other guest VMs. \n(CVE-2021-28713)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen network backend driver in the Linux \nkernel did not adequately limit the amount of queued packets when a guest \ndid not process them. An attacker in a guest VM can use this to cause a \ndenial of service (excessive kernel memory consumption) in the network \nbackend domain. (CVE-2021-28714, CVE-2021-28715)\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux \nkernel did not properly restrict the size of control requests for certain \ngadget types, leading to possible out of bounds reads or writes. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39685)\n\nIt was discovered that the eBPF implementation in the Linux kernel \ncontained a race condition around read-only maps. A privileged attacker \ncould use this to modify read-only maps. (CVE-2021-4001)\n\nJann Horn discovered a race condition in the Unix domain socket \nimplementation in the Linux kernel that could result in a read-after-free. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-4083)\n\nIt was discovered that the simulated networking device driver for the Linux \nkernel did not properly initialize memory in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-4135)\n\nKirill Tkhai discovered that the XFS file system implementation in the \nLinux kernel did not calculate size correctly when pre-allocating space in \nsome situations. A local attacker could use this to expose sensitive \ninformation. (CVE-2021-4155)\n\nEric Biederman discovered that the cgroup process migration implementation \nin the Linux kernel did not perform permission checks correctly in some \nsituations. A local attacker could possibly use this to gain administrative \nprivileges. (CVE-2021-4197)\n\nBrendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device \ndriver in the Linux kernel did not properly validate meta-data coming from \nthe device. A local attacker who can control an emulated device can use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-43975)\n\nIt was discovered that the ARM Trusted Execution Environment (TEE) \nsubsystem in the Linux kernel contained a race condition leading to a use- \nafter-free vulnerability. A local attacker could use this to cause a denial \nof service or possibly execute arbitrary code. (CVE-2021-44733)\n\nIt was discovered that the Phone Network protocol (PhoNet) implementation \nin the Linux kernel did not properly perform reference counting in some \nerror conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45095)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel did not properly deallocate memory in \nsome error conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45480)\n\nIt was discovered that the BPF subsystem in the Linux kernel did not \nproperly track pointer types on atomic fetch operations in some situations. \nA local attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2022-0264)\n\nSushma Venkatesh Reddy discovered that the Intel i915 graphics driver in \nthe Linux kernel did not perform a GPU TLB flush in some situations. A \nlocal attacker could use this to cause a denial of service or possibly \nexecute arbitrary code. (CVE-2022-0330)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly initialize memory in some situations. A local attacker \ncould use this to expose sensitive information (kernel memory). \n(CVE-2022-0382)\n\nIt was discovered that the VMware Virtual GPU driver in the Linux kernel \ndid not properly handle certain failure conditions, leading to a stale \nentry in the file descriptor table. A local attacker could use this to \nexpose sensitive information or possibly gain administrative privileges. \n(CVE-2022-22942)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-09T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27820", "CVE-2021-22600", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-4001", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4155", "CVE-2021-4197", "CVE-2021-43975", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45480", "CVE-2022-0264", "CVE-2022-0330", "CVE-2022-0382", "CVE-2022-22942", "CVE-2022-23222", "CVE-2022-24122"], "modified": "2022-02-09T00:00:00", "id": "USN-5278-1", "href": "https://ubuntu.com/security/notices/USN-5278-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:42:43", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.13 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.13 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n\nIt was discovered that the Packet network protocol implementation in the \nLinux kernel contained a double-free vulnerability. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-22600)\n\nJann Horn discovered a race condition in the Unix domain socket \nimplementation in the Linux kernel that could result in a read-after-free. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-4083)\n\nKirill Tkhai discovered that the XFS file system implementation in the \nLinux kernel did not calculate size correctly when pre-allocating space in \nsome situations. A local attacker could use this to expose sensitive \ninformation. (CVE-2021-4155)\n\nSushma Venkatesh Reddy discovered that the Intel i915 graphics driver in \nthe Linux kernel did not perform a GPU TLB flush in some situations. A \nlocal attacker could use this to cause a denial of service or possibly \nexecute arbitrary code. (CVE-2022-0330)\n\nIt was discovered that the VMware Virtual GPU driver in the Linux kernel \ndid not properly handle certain failure conditions, leading to a stale \nentry in the file descriptor table. A local attacker could use this to \nexpose sensitive information or possibly gain administrative privileges. \n(CVE-2022-22942)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22600", "CVE-2021-4083", "CVE-2021-4155", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-02-22T00:00:00", "id": "USN-5295-2", "href": "https://ubuntu.com/security/notices/USN-5295-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:43:00", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-hwe-5.13 \\- Linux hardware enablement (HWE) kernel\n\nIt was discovered that the Packet network protocol implementation in the \nLinux kernel contained a double-free vulnerability. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-22600)\n\nJann Horn discovered a race condition in the Unix domain socket \nimplementation in the Linux kernel that could result in a read-after-free. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-4083)\n\nKirill Tkhai discovered that the XFS file system implementation in the \nLinux kernel did not calculate size correctly when pre-allocating space in \nsome situations. A local attacker could use this to expose sensitive \ninformation. (CVE-2021-4155)\n\nSushma Venkatesh Reddy discovered that the Intel i915 graphics driver in \nthe Linux kernel did not perform a GPU TLB flush in some situations. A \nlocal attacker could use this to cause a denial of service or possibly \nexecute arbitrary code. (CVE-2022-0330)\n\nIt was discovered that the VMware Virtual GPU driver in the Linux kernel \ndid not properly handle certain failure conditions, leading to a stale \nentry in the file descriptor table. A local attacker could use this to \nexpose sensitive information or possibly gain administrative privileges. \n(CVE-2022-22942)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T00:00:00", "type": "ubuntu", "title": "Linux kernel (HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22600", "CVE-2021-4083", "CVE-2021-4155", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-02-18T00:00:00", "id": "USN-5295-1", "href": "https://ubuntu.com/security/notices/USN-5295-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:40:28", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-azure-5.13 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-oracle-5.13 \\- Linux kernel for Oracle Cloud systems\n\nIt was discovered that the BPF verifier in the Linux kernel did not \nproperly restrict pointer types in certain situations. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2022-23222)\n\nIt was discovered that the network traffic control implementation in the \nLinux kernel contained a use-after-free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2022-1055)\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the \nLinux kernel did not properly restrict access to the cgroups v1 \nrelease_agent feature. A local attacker could use this to gain \nadministrative privileges. (CVE-2022-0492)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen subsystem within the Linux kernel did \nnot adequately limit the number of events driver domains (unprivileged PV \nbackends) could send to other guest VMs. An attacker in a driver domain \ncould use this to cause a denial of service in other guest VMs. \n(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\nJ\u00fcrgen Gro\u00df discovered that the Xen network backend driver in the Linux \nkernel did not adequately limit the amount of queued packets when a guest \ndid not process them. An attacker in a guest VM can use this to cause a \ndenial of service (excessive kernel memory consumption) in the network \nbackend domain. (CVE-2021-28714, CVE-2021-28715)\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux \nkernel did not properly restrict the size of control requests for certain \ngadget types, leading to possible out of bounds reads or writes. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39685)\n\nIt was discovered that a race condition existed in the poll implementation \nin the Linux kernel, resulting in a use-after-free vulnerability. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-39698)\n\nIt was discovered that the simulated networking device driver for the Linux \nkernel did not properly initialize memory in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-4135)\n\nEric Biederman discovered that the cgroup process migration implementation \nin the Linux kernel did not perform permission checks correctly in some \nsituations. A local attacker could possibly use this to gain administrative \nprivileges. (CVE-2021-4197)\n\nBrendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device \ndriver in the Linux kernel did not properly validate meta-data coming from \nthe device. A local attacker who can control an emulated device can use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-43975)\n\nIt was discovered that the ARM Trusted Execution Environment (TEE) \nsubsystem in the Linux kernel contained a race condition leading to a use- \nafter-free vulnerability. A local attacker could use this to cause a denial \nof service or possibly execute arbitrary code. (CVE-2021-44733)\n\nIt was discovered that the Phone Network protocol (PhoNet) implementation \nin the Linux kernel did not properly perform reference counting in some \nerror conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45095)\n\nIt was discovered that the eBPF verifier in the Linux kernel did not \nproperly perform bounds checking on mov32 operations. A local attacker \ncould use this to expose sensitive information (kernel pointer addresses). \n(CVE-2021-45402)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol \nimplementation in the Linux kernel did not properly deallocate memory in \nsome error conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45480)\n\nIt was discovered that the BPF subsystem in the Linux kernel did not \nproperly track pointer types on atomic fetch operations in some situations. \nA local attacker could use this to expose sensitive information (kernel \npointer addresses). (CVE-2022-0264)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly initialize memory in some situations. A local attacker \ncould use this to expose sensitive information (kernel memory). \n(CVE-2022-0382)\n\nSamuel Page discovered that the Transparent Inter-Process Communication \n(TIPC) protocol implementation in the Linux kernel contained a stack-based \nbuffer overflow. A remote attacker could use this to cause a denial of \nservice (system crash) for systems that have a TIPC bearer configured. \n(CVE-2022-0435)\n\nIt was discovered that the KVM implementation for s390 systems in the Linux \nkernel did not properly prevent memory operations on PVM guests that were \nin non-protected mode. A local attacker could use this to obtain \nunauthorized memory write access. (CVE-2022-0516)\n\nIt was discovered that the ICMPv6 implementation in the Linux kernel did \nnot properly deallocate memory in certain situations. A remote attacker \ncould possibly use this to cause a denial of service (memory exhaustion). \n(CVE-2022-0742)\n\nIt was discovered that the IPsec implementation in the Linux kernel did not \nproperly allocate enough memory when performing ESP transformations, \nleading to a heap-based buffer overflow. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2022-27666)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-06T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-39698", "CVE-2021-4135", "CVE-2021-4197", "CVE-2021-43975", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45402", "CVE-2021-45480", "CVE-2022-0264", "CVE-2022-0382", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516", "CVE-2022-0742", "CVE-2022-1055", "CVE-2022-23222", "CVE-2022-27666"], "modified": "2022-04-06T00:00:00", "id": "USN-5368-1", "href": "https://ubuntu.com/security/notices/USN-5368-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:39:59", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-4.15 \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-dell300x \\- Linux kernel for Dell 300x platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-4.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nBrendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device \ndriver in the Linux kernel did not properly validate meta-data coming from \nthe device. A local attacker who can control an emulated device can use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-43975)\n\nIt was discovered that the UDF file system implementation in the Linux \nkernel could attempt to dereference a null pointer in some situations. An \nattacker could use this to construct a malicious UDF image that, when \nmounted and operated on, could cause a denial of service (system crash). \n(CVE-2022-0617)\n\nLyu Tao discovered that the NFS implementation in the Linux kernel did not \nproperly handle requests to open a directory on a regular file. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2022-24448)\n\nIt was discovered that the YAM AX.25 device driver in the Linux kernel did \nnot properly deallocate memory in some error conditions. A local privileged \nattacker could use this to cause a denial of service (kernel memory \nexhaustion). (CVE-2022-24959)\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-21T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43975", "CVE-2022-0617", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2022-04-21T00:00:00", "id": "USN-5385-1", "href": "https://ubuntu.com/security/notices/USN-5385-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T18:44:09", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-dell300x \\- Linux kernel for Dell 300x platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-4.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nKeyu Man discovered that the ICMP implementation in the Linux kernel did \nnot properly handle received ICMP error packets. A remote attacker could \nuse this to facilitate attacks on UDP based services that depend on source \nport randomization. (CVE-2021-20322)\n\nIt was discovered that the Bluetooth subsystem in the Linux kernel \ncontained a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2021-3640)\n\nLikang Luo discovered that a race condition existed in the Bluetooth \nsubsystem of the Linux kernel, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-3752)\n\nLuo Likang discovered that the FireDTV Firewire driver in the Linux kernel \ndid not properly perform bounds checking in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-42739)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-02-03T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20322", "CVE-2021-3640", "CVE-2021-3752", "CVE-2021-42739"], "modified": "2022-02-03T00:00:00", "id": "USN-5268-1", "href": "https://ubuntu.com/security/notices/USN-5268-1", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:41:18", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-4.15 \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-dell300x \\- Linux kernel for Dell 300x platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-4.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the \nLinux kernel did not properly restrict access to the cgroups v1 \nrelease_agent feature. A local attacker could use this to gain \nadministrative privileges. (CVE-2022-0492)\n\nIt was discovered that an out-of-bounds (OOB) memory access flaw existed in \nthe f2fs module of the Linux kernel. A local attacker could use this issue \nto cause a denial of service (system crash). (CVE-2021-3506)\n\nBrendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver \nin the Linux kernel did not properly handle some error conditions. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2021-43976)\n\nIt was discovered that the ARM Trusted Execution Environment (TEE) \nsubsystem in the Linux kernel contained a race condition leading to a use- \nafter-free vulnerability. A local attacker could use this to cause a denial \nof service or possibly execute arbitrary code. (CVE-2021-44733)\n\nIt was discovered that the Phone Network protocol (PhoNet) implementation \nin the Linux kernel did not properly perform reference counting in some \nerror conditions. A local attacker could possibly use this to cause a \ndenial of service (memory exhaustion). (CVE-2021-45095)\n\nSamuel Page discovered that the Transparent Inter-Process Communication \n(TIPC) protocol implementation in the Linux kernel contained a stack-based \nbuffer overflow. A remote attacker could use this to cause a denial of \nservice (system crash) for systems that have a TIPC bearer configured. \n(CVE-2022-0435)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3506", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2022-0435", "CVE-2022-0492"], "modified": "2022-03-22T00:00:00", "id": "USN-5339-1", "href": "https://ubuntu.com/security/notices/USN-5339-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:42:29", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.14 \\- Linux kernel for OEM systems\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the \nLinux kernel did not properly restrict access to the cgroups v1 \nrelease_agent feature. A local attacker could use this to gain \nadministrative privileges. (CVE-2022-0492)\n\nBrendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver \nin the Linux kernel did not properly handle some error conditions. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2021-43976)\n\nWenqing Liu discovered that the f2fs file system implementation in the \nLinux kernel did not properly validate inode types while performing garbage \ncollection. An attacker could use this to construct a malicious f2fs image \nthat, when mounted and operated on, could cause a denial of service (system \ncrash). (CVE-2021-44879)\n\nSamuel Page discovered that the Transparent Inter-Process Communication \n(TIPC) protocol implementation in the Linux kernel contained a stack-based \nbuffer overflow. A remote attacker could use this to cause a denial of \nservice (system crash) for systems that have a TIPC bearer configured. \n(CVE-2022-0435)\n\nLyu Tao discovered that the NFS implementation in the Linux kernel did not \nproperly handle requests to open a directory on a regular file. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2022-24448)\n\nIt was discovered that the YAM AX.25 device driver in the Linux kernel did \nnot properly deallocate memory in some error conditions. A local privileged \nattacker could use this to cause a denial of service (kernel memory \nexhaustion). (CVE-2022-24959)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43976", "CVE-2021-44879", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2022-02-22T00:00:00", "id": "USN-5302-1", "href": "https://ubuntu.com/security/notices/USN-5302-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:46:22", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-bluefield \\- Linux kernel for NVIDIA BlueField platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gke-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi systems\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that the Linux kernel did not properly enforce certain \ntypes of entries in the Secure Boot Forbidden Signature Database (aka dbx) \nprotection mechanism. An attacker could use this to bypass UEFI Secure Boot \nrestrictions. (CVE-2020-26541)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-01-06T00:00:00", "id": "USN-5210-1", "href": "https://ubuntu.com/security/notices/USN-5210-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:46:20", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 21.04 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.11 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.11 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.11 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe-5.11 \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.11 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly validate MSG_CRYPTO messages in some situations. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-43267)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2022-01-06T00:00:00", "id": "USN-5208-1", "href": "https://ubuntu.com/security/notices/USN-5208-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T18:45:44", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n\nUSN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, \nthat update introduced a regression that caused failures to boot in \nenvironments with AMD Secure Encrypted Virtualization (SEV) enabled. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that the Linux kernel did not properly enforce certain \ntypes of entries in the Secure Boot Forbidden Signature Database (aka dbx) \nprotection mechanism. An attacker could use this to bypass UEFI Secure Boot \nrestrictions. (CVE-2020-26541)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-12T00:00:00", "type": "ubuntu", "title": "Linux kernel regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-01-12T00:00:00", "id": "USN-5210-2", "href": "https://ubuntu.com/security/notices/USN-5210-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:48:24", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.10 \\- Linux kernel for OEM systems\n\nIlja Van Sprundel discovered that the SCTP implementation in the Linux \nkernel did not properly perform size validations on incoming packets in \nsome situations. An attacker could possibly use this to expose sensitive \ninformation (kernel memory). (CVE-2021-3655)\n\nIt was discovered that the AMD Cryptographic Coprocessor (CCP) driver in \nthe Linux kernel did not properly deallocate memory in some error \nconditions. A local attacker could use this to cause a denial of service \n(memory exhaustion). (CVE-2021-3744, CVE-2021-3764)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-11T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM 5.10) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3655", "CVE-2021-3744", "CVE-2021-3760", "CVE-2021-3764", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2021-11-11T00:00:00", "id": "USN-5139-1", "href": "https://ubuntu.com/security/notices/USN-5139-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:39:59", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-azure-fde \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gke-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-ibm-5.4 \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi systems\n\nIt was discovered that the UDF file system implementation in the Linux \nkernel could attempt to dereference a null pointer in some situations. An \nattacker could use this to construct a malicious UDF image that, when \nmounted and operated on, could cause a denial of service (system crash). \n(CVE-2022-0617)\n\nLyu Tao discovered that the NFS implementation in the Linux kernel did not \nproperly handle requests to open a directory on a regular file. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2022-24448)\n\nIt was discovered that the YAM AX.25 device driver in the Linux kernel did \nnot properly deallocate memory in some error conditions. A local privileged \nattacker could use this to cause a denial of service (kernel memory \nexhaustion). (CVE-2022-24959)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-20T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0617", "CVE-2022-24448", "CVE-2022-24959"], "modified": "2022-04-20T00:00:00", "id": "USN-5384-1", "href": "https://ubuntu.com/security/notices/USN-5384-1", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T18:48:24", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.14 \\- Linux kernel for OEM systems\n\nIt was discovered that the AMD Cryptographic Coprocessor (CCP) driver in \nthe Linux kernel did not properly deallocate memory in some error \nconditions. A local attacker could use this to cause a denial of service \n(memory exhaustion). (CVE-2021-3744, CVE-2021-3764)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-11T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM 5.14) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3744", "CVE-2021-3764", "CVE-2021-41864"], "modified": "2021-11-11T00:00:00", "id": "USN-5140-1", "href": "https://ubuntu.com/security/notices/USN-5140-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T18:44:18", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-bluefield \\- Linux kernel for NVIDIA BlueField platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gkeop \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n\nIt was discovered that the Bluetooth subsystem in the Linux kernel \ncontained a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2021-3640)\n\nLikang Luo discovered that a race condition existed in the Bluetooth \nsubsystem of the Linux kernel, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-3752)\n\nLuo Likang discovered that the FireDTV Firewire driver in the Linux kernel \ndid not properly perform bounds checking in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-42739)\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3640", "CVE-2021-3752", "CVE-2021-42739"], "modified": "2022-02-03T00:00:00", "id": "USN-5267-1", "href": "https://ubuntu.com/security/notices/USN-5267-1", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:43:09", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi systems\n\nUSN-5267-1 fixed vulnerabilities in the Linux kernel. This update \nprovides the corresponding updates for the Linux kernel for Raspberry \nPi devices.\n\nOriginal advisory details:\n\nIt was discovered that the Bluetooth subsystem in the Linux kernel \ncontained a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2021-3640)\n\nLikang Luo discovered that a race condition existed in the Bluetooth \nsubsystem of the Linux kernel, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-3752)\n\nLuo Likang discovered that the FireDTV Firewire driver in the Linux kernel \ndid not properly perform bounds checking in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-42739)\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-17T00:00:00", "type": "ubuntu", "title": "Linux kernel (Raspberry Pi) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3640", "CVE-2021-3752", "CVE-2021-42739"], "modified": "2022-02-17T00:00:00", "id": "USN-5267-3", "href": "https://ubuntu.com/security/notices/USN-5267-3", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:43:20", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gke-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n\nUSN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, \nthat update introduced a regression that caused the kernel to freeze \nwhen accessing CIFS shares in some situations. This update fixes \nthe problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that the Bluetooth subsystem in the Linux kernel \ncontained a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2021-3640)\n\nLikang Luo discovered that a race condition existed in the Bluetooth \nsubsystem of the Linux kernel, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2021-3752)\n\nLuo Likang discovered that the FireDTV Firewire driver in the Linux kernel \ndid not properly perform bounds checking in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-42739)\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-11T00:00:00", "type": "ubuntu", "title": "Linux kernel regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3640", "CVE-2021-3752", "CVE-2021-42739"], "modified": "2022-02-11T00:00:00", "id": "USN-5267-2", "href": "https://ubuntu.com/security/notices/USN-5267-2", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T18:46:02", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.13 \\- Linux kernel for OEM systems\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that the eBPF implementation in the Linux kernel did \nnot properly validate the memory size of certain ring buffer operation \narguments. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2021-4204)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly validate MSG_CRYPTO messages in some situations. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-43267)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-4204", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2022-01-11T00:00:00", "id": "USN-5218-1", "href": "https://ubuntu.com/security/notices/USN-5218-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-12-03T17:03:43", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) J\u00fcrgen Gro\u00df discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) J\u00fcrgen Gro\u00df discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942)\n\nCVEs contained in this USN include: CVE-2021-22600, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-4083, CVE-2021-4155, CVE-2022-0330, CVE-2022-22942, CVE-2021-4202, CVE-2021-28711, CVE-2021-28712.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.67\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.274.0\n * CF Deployment \n * All versions prior to 18.0.0, or later versions with Xenial Stemcells prior to 621.216\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.67 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.274.0 or greater\n * CF Deployment \n * Upgrade all versions to 18.0.0 or greater and upgrade Xenial Stemcells to 621.216 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5298-1>)\n * [CVE-2021-22600](<https://ubuntu.com/security/CVE-2021-22600>)\n * [CVE-2021-28713](<https://ubuntu.com/security/CVE-2021-28713>)\n * [CVE-2021-28714](<https://ubuntu.com/security/CVE-2021-28714>)\n * [CVE-2021-28715](<https://ubuntu.com/security/CVE-2021-28715>)\n * [CVE-2021-39685](<https://ubuntu.com/security/CVE-2021-39685>)\n * [CVE-2021-4083](<https://ubuntu.com/security/CVE-2021-4083>)\n * [CVE-2021-4155](<https://ubuntu.com/security/CVE-2021-4155>)\n * [CVE-2022-0330](<https://ubuntu.com/security/CVE-2022-0330>)\n * [CVE-2022-22942](<https://ubuntu.com/security/CVE-2022-22942>)\n * [CVE-2021-4202](<https://ubuntu.com/security/CVE-2021-4202>)\n * [CVE-2021-28711](<https://ubuntu.com/security/CVE-2021-28711>)\n * [CVE-2021-28712](<https://ubuntu.com/security/CVE-2021-28712>)\n\n## History\n\n2022-04-21: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-21T00:00:00", "type": "cloudfoundry", "title": "USN-5298-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-04-21T00:00:00", "id": "CFOUNDRY:9170AF39C296B9726CD7B93B3A36EC22", "href": "https://www.cloudfoundry.org/blog/usn-5298-1-linux-kernel-vulnerabilities/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:03:55", "description": "**Severity**\n\nHigh\n\n**Vendor**\n\nCanonical Ubuntu\n\n**Versions Affected**\n\n * Canonical Ubuntu 18.04\n\n**Description**\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) J\u00fcrgen Gro\u00df discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713) J\u00fcrgen Gro\u00df discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715) It was discovered that the simulated networking device driver for the Linux kernel did not properly initialize memory in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4135) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45480) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) It was discovered that the KVM implementation for s390 systems in the Linux kernel did not properly prevent memory operations on PVM guests that were in non-protected mode. A local attacker could use this to obtain unauthorized memory write access. (CVE-2022-0516)\n\nCVEs contained in this USN include: CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-4135, CVE-2021-44733, CVE-2021-45095, CVE-2021-45480, CVE-2021-28711, CVE-2021-28712, CVE-2021-43976, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516.\n\n**Affected Cloud Foundry Products and Versions**\n\n_Severity is high unless otherwise noted._\n\n * Bionic Stemcells\n * 1.x versions prior to 1.71\n * All other stemcells not listed.\n\n**Mitigation**\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells\n * Upgrade 1.x versions to 1.71 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n**References**\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5338-1>)\n * [CVE-2021-28713](<https://ubuntu.com/security/CVE-2021-28713>)\n * [CVE-2021-28714](<https://ubuntu.com/security/CVE-2021-28714>)\n * [CVE-2021-28715](<https://ubuntu.com/security/CVE-2021-28715>)\n * [CVE-2021-4135](<https://ubuntu.com/security/CVE-2021-4135>)\n * [CVE-2021-44733](<https://ubuntu.com/security/CVE-2021-44733>)\n * [CVE-2021-45095](<https://ubuntu.com/security/CVE-2021-45095>)\n * [CVE-2021-45480](<https://ubuntu.com/security/CVE-2021-45480>)\n * [CVE-2021-28711](<https://ubuntu.com/security/CVE-2021-28711>)\n * [CVE-2021-28712](<https://ubuntu.com/security/CVE-2021-28712>)\n * [CVE-2021-43976](<https://ubuntu.com/security/CVE-2021-43976>)\n * [CVE-2022-0435](<https://ubuntu.com/security/CVE-2022-0435>)\n * [CVE-2022-0492](<https://ubuntu.com/security/CVE-2022-0492>)\n * [CVE-2022-0516](<https://ubuntu.com/security/CVE-2022-0516>)\n\n**History**\n\n2022-04-14: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-14T00:00:00", "type": "cloudfoundry", "title": "USN-5338-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-4135", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45480", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516"], "modified": "2022-04-14T00:00:00", "id": "CFOUNDRY:1B101FB251EDFB9515B6EABF00F1012E", "href": "https://www.cloudfoundry.org/blog/usn-5338-1-linux-kernel-vulnerabilities/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:04:29", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942)\n\nCVEs contained in this USN include: CVE-2021-22600, CVE-2021-39685, CVE-2021-4083, CVE-2021-4155, CVE-2021-43975, CVE-2022-0330, CVE-2022-22942, CVE-2021-4202.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.67\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.67 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5294-2>)\n * [CVE-2021-22600](<https://ubuntu.com/security/CVE-2021-22600>)\n * [CVE-2021-39685](<https://ubuntu.com/security/CVE-2021-39685>)\n * [CVE-2021-4083](<https://ubuntu.com/security/CVE-2021-4083>)\n * [CVE-2021-4155](<https://ubuntu.com/security/CVE-2021-4155>)\n * [CVE-2021-43975](<https://ubuntu.com/security/CVE-2021-43975>)\n * [CVE-2022-0330](<https://ubuntu.com/security/CVE-2022-0330>)\n * [CVE-2022-22942](<https://ubuntu.com/security/CVE-2022-22942>)\n * [CVE-2021-4202](<https://ubuntu.com/security/CVE-2021-4202>)\n\n## History\n\n2022-03-11: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-11T00:00:00", "type": "cloudfoundry", "title": "USN-5294-2: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22600", "CVE-2021-39685", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2021-43975", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-03-11T00:00:00", "id": "CFOUNDRY:C1D2F4D8A3F0384C89F6C8D93A4DCF97", "href": "https://www.cloudfoundry.org/blog/usn-5294-2-linux-kernel-vulnerabilities/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:05:27", "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this cause a denial of service. (CVE-2021-20317) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)\n\nCVEs contained in this USN include: CVE-2021-3760, CVE-2021-43389, CVE-2021-4002, CVE-2021-20317, CVE-2021-20321, CVE-2021-41864.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.54\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.272.0\n * CF Deployment \n * All versions prior to 18.0.0, or later versions with Xenial Stemcells prior to 621.196\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.54 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.272.0 or greater\n * CF Deployment \n * Upgrade all versions to 18.0.0 or greater and upgrade Xenial Stemcells to 621.196 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5209-1>)\n * [CVE-2021-3760](<https://ubuntu.com/security/CVE-2021-3760>)\n * [CVE-2021-43389](<https://ubuntu.com/security/CVE-2021-43389>)\n * [CVE-2021-4002](<https://ubuntu.com/security/CVE-2021-4002>)\n * [CVE-2021-20317](<https://ubuntu.com/security/CVE-2021-20317>)\n * [CVE-2021-20321](<https://ubuntu.com/security/CVE-2021-20321>)\n * [CVE-2021-41864](<https://ubuntu.com/security/CVE-2021-41864>)\n\n## History\n\n2022-03-08: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-08T00:00:00", "type": "cloudfoundry", "title": "USN-5209-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20317", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43389"], "modified": "2022-03-08T00:00:00", "id": "CFOUNDRY:EFCCA8E89849350B3F5BDC16FFE250F8", "href": "https://www.cloudfoundry.org/blog/usn-5209-1-linux-kernel-vulnerabilities/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:05:07", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nKeyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker could use this to facilitate attacks on UDP based services that depend on source port randomization. (CVE-2021-20322) It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739)\n\nCVEs contained in this USN include: CVE-2021-42739, CVE-2021-20322, CVE-2021-3640, CVE-2021-3752.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.61\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.274.0\n * CF Deployment \n * All versions prior to 18.0.0, or later versions with Xenial Stemcells prior to 621.208\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.61 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.274.0 or greater\n * CF Deployment \n * Upgrade all versions to 18.0.0 or greater and upgrade Xenial Stemcells to 621.208 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5268-1>)\n * [CVE-2021-42739](<https://ubuntu.com/security/CVE-2021-42739>)\n * [CVE-2021-20322](<https://ubuntu.com/security/CVE-2021-20322>)\n * [CVE-2021-3640](<https://ubuntu.com/security/CVE-2021-3640>)\n * [CVE-2021-3752](<https://ubuntu.com/security/CVE-2021-3752>)\n\n## History\n\n2022-03-10: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-03-10T00:00:00", "type": "cloudfoundry", "title": "USN-5268-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20322", "CVE-2021-3640", "CVE-2021-3752", "CVE-2021-42739"], "modified": "2022-03-10T00:00:00", "id": "CFOUNDRY:BD43D191F1913B0416A737C28EAC643D", "href": "https://www.cloudfoundry.org/blog/usn-5268-1-linux-kernel-vulnerabilities/", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:02:27", "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-43976) It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733) It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435)\n\nCVEs contained in this USN include: CVE-2021-3506, CVE-2021-44733, CVE-2021-45095, CVE-2021-43976, CVE-2022-0435, CVE-2022-0492.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.71\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.279.0\n * CF Deployment \n * All versions prior to 20.0.0, or later versions with Bionic Stemcells prior to 1.71 or Xenial Stemcells prior to 621.224\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.71 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.279.0 or greater\n * CF Deployment \n * Upgrade all versions to 20.0.0 or greater, upgrade Bionic Stemcells to 1.71 or greater, and upgrade Xenial Stemcells to 621.224 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5339-1>)\n * [CVE-2021-3506](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3506>)\n * [CVE-2021-44733](<https://ubuntu.com/security/CVE-2021-44733>)\n * [CVE-2021-45095](<https://ubuntu.com/security/CVE-2021-45095>)\n * [CVE-2021-43976](<https://ubuntu.com/security/CVE-2021-43976>)\n * [CVE-2022-0435](<https://ubuntu.com/security/CVE-2022-0435>)\n * [CVE-2022-0492](<https://ubuntu.com/security/CVE-2022-0492>)\n\n## History\n\n2022-05-23: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-23T00:00:00", "type": "cloudfoundry", "title": "USN-5339-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3506", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2022-0435", "CVE-2022-0492"], "modified": "2022-05-23T00:00:00", "id": "CFOUNDRY:73F8C8B872786F9D1C6842EE16AD1519", "href": "https://www.cloudfoundry.org/blog/usn-5339-1-linux-kernel-vulnerabilities/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:06:03", "description": "## Severity\n\nUnknown\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nUSN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization (SEV) enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is unknown unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * There are no fixed versions of this product\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5210-2>)\n\n## History\n\n2022-01-20: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T00:00:00", "type": "cloudfoundry", "title": "USN-5210-2: Linux kernel regression | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-01-20T00:00:00", "id": "CFOUNDRY:53F8A02950D1071788BF2E23EFF823EF", "href": "https://www.cloudfoundry.org/blog/usn-5210-2-linux-kernel-regression/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:06:09", "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)\n\nCVEs contained in this USN include: CVE-2020-26541, CVE-2021-3760, CVE-2021-43056, CVE-2021-43389, CVE-2021-4002, CVE-2021-20321, CVE-2021-41864.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.54\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.54 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5210-1>)\n * [CVE-2020-26541](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26541>)\n * [CVE-2021-3760](<https://ubuntu.com/security/CVE-2021-3760>)\n * [CVE-2021-43056](<https://ubuntu.com/security/CVE-2021-43056>)\n * [CVE-2021-43389](<https://ubuntu.com/security/CVE-2021-43389>)\n * [CVE-2021-4002](<https://ubuntu.com/security/CVE-2021-4002>)\n * [CVE-2021-20321](<https://ubuntu.com/security/CVE-2021-20321>)\n * [CVE-2021-41864](<https://ubuntu.com/security/CVE-2021-41864>)\n\n## History\n\n2022-01-20: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T00:00:00", "type": "cloudfoundry", "title": "USN-5210-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-01-20T00:00:00", "id": "CFOUNDRY:C7BE92CF45CB8F4FCBCEA8F043427BCF", "href": "https://www.cloudfoundry.org/blog/usn-5210-1-linux-kernel-vulnerabilities/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:04:53", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739)\n\nCVEs contained in this USN include: CVE-2021-42739, CVE-2021-3640, CVE-2021-3752.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.61\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.61 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5267-1>)\n * [CVE-2021-42739](<https://ubuntu.com/security/CVE-2021-42739>)\n * [CVE-2021-3640](<https://ubuntu.com/security/CVE-2021-3640>)\n * [CVE-2021-3752](<https://ubuntu.com/security/CVE-2021-3752>)\n\n## History\n\n2022-03-10: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T00:00:00", "type": "cloudfoundry", "title": "USN-5267-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3640", "CVE-2021-3752", "CVE-2021-42739"], "modified": "2022-03-10T00:00:00", "id": "CFOUNDRY:DBB07350F947C0F70F7FE502A4A24A35", "href": "https://www.cloudfoundry.org/blog/usn-5267-1-linux-kernel-vulnerabilities/", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:05:00", "description": "## Severity\n\nUnknown\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nUSN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused the kernel to freeze when accessing CIFS shares in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) Luo Likang discovered that the FireDTV Firewire driver in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42739)\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is unknown unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.61\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.61 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5267-2>)\n\n## History\n\n2022-03-10: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T00:00:00", "type": "cloudfoundry", "title": "USN-5267-2: Linux kernel regression | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3640", "CVE-2021-3752", "CVE-2021-42739"], "modified": "2022-03-10T00:00:00", "id": "CFOUNDRY:E504C95A1FDEC99C8FA5C726FB6DEA76", "href": "https://www.cloudfoundry.org/blog/usn-5267-2-linux-kernel-regression/", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-10-18T14:44:39", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5298-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-22T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5298-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2023-10-16T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1087-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1107-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1116-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1120-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1120-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1121-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1131-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-169-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-169-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-169-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1035-dell300x"], "id": "UBUNTU_USN-5298-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158249", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5298-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158249);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-4083\",\n \"CVE-2021-4155\",\n \"CVE-2021-4202\",\n \"CVE-2021-22600\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-39685\",\n \"CVE-2022-0330\",\n \"CVE-2022-22942\"\n );\n script_xref(name:\"USN\", value:\"5298-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5298-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5298-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5298-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39685\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1035-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1087-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1107-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1116-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1120-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1120-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1121-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1131-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-169-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-169-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-169-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-169',\n 'lowlatency': '4.15.0-169',\n 'oracle': '4.15.0-1087',\n 'gcp': '4.15.0-1116',\n 'aws': '4.15.0-1120',\n 'azure': '4.15.0-1131'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-169',\n 'generic-lpae': '4.15.0-169',\n 'lowlatency': '4.15.0-169',\n 'dell300x': '4.15.0-1035',\n 'oracle': '4.15.0-1087',\n 'raspi2': '4.15.0-1103',\n 'kvm': '4.15.0-1107',\n 'gcp': '4.15.0-1116',\n 'snapdragon': '4.15.0-1120',\n 'aws': '4.15.0-1121',\n 'azure': '4.15.0-1131'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5298-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-4083', 'CVE-2021-4155', 'CVE-2021-4202', 'CVE-2021-22600', 'CVE-2021-28711', 'CVE-2021-28712', 'CVE-2021-28713', 'CVE-2021-28714', 'CVE-2021-28715', 'CVE-2021-39685', 'CVE-2022-0330', 'CVE-2022-22942');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5298-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:07:26", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5338-1 advisory.\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.\n (CVE-2022-0516)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5338-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-4135", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45480", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1018-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1037-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-105-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-105-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-105-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1056-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1066-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1067-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1069-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1073-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1073-azure-fde"], "id": "UBUNTU_USN-5338-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159144", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5338-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159144);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-4135\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2021-45480\",\n \"CVE-2022-0435\",\n \"CVE-2022-0492\",\n \"CVE-2022-0516\"\n );\n script_xref(name:\"USN\", value:\"5338-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5338-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5338-1 advisory.\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for\n s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain\n unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.\n (CVE-2022-0516)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5338-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1018-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1037-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-105-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-105-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-105-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1056-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1066-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1067-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1068-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1069-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1073-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1073-azure-fde\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-105',\n 'generic-lpae': '5.4.0-105',\n 'lowlatency': '5.4.0-105',\n 'ibm': '5.4.0-1018',\n 'gkeop': '5.4.0-1037',\n 'raspi': '5.4.0-1056',\n 'gke': '5.4.0-1066',\n 'oracle': '5.4.0-1067',\n 'gcp': '5.4.0-1068',\n 'aws': '5.4.0-1069',\n 'azure': '5.4.0-1073'\n }\n },\n '20.04': {\n '5.4.0': {\n 'generic': '5.4.0-105',\n 'generic-lpae': '5.4.0-105',\n 'lowlatency': '5.4.0-105',\n 'ibm': '5.4.0-1018',\n 'gkeop': '5.4.0-1037',\n 'raspi': '5.4.0-1056',\n 'kvm': '5.4.0-1059',\n 'gke': '5.4.0-1066',\n 'oracle': '5.4.0-1067',\n 'gcp': '5.4.0-1068',\n 'aws': '5.4.0-1069',\n 'azure-fde': '5.4.0-1073'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5338-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-4135', 'CVE-2021-28711', 'CVE-2021-28712', 'CVE-2021-28713', 'CVE-2021-28714', 'CVE-2021-28715', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45095', 'CVE-2021-45480', 'CVE-2022-0435', 'CVE-2022-0492', 'CVE-2022-0516');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5338-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-18T15:21:09", "description": "The version of kernel installed on the remote host is prior to 4.14.262-135.489. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1563 advisory.\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2022-1563)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20322", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-3772", "CVE-2021-4002", "CVE-2021-4155", "CVE-2022-0492"], "modified": "2023-11-17T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1563.NASL", "href": "https://www.tenable.com/plugins/nessus/157410", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1563.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157410);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\n \"CVE-2021-3772\",\n \"CVE-2021-4002\",\n \"CVE-2021-4155\",\n \"CVE-2021-20322\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2022-0492\"\n );\n script_xref(name:\"ALAS\", value:\"2022-1563\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2022-1563)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.262-135.489. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2022-1563 advisory.\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1563.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-20322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28711.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28712.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28713.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28714.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28715.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3772.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-4155.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0492.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2021-3772\", \"CVE-2021-4002\", \"CVE-2021-4155\", \"CVE-2021-20322\", \"CVE-2021-28711\", \"CVE-2021-28712\", \"CVE-2021-28713\", \"CVE-2021-28714\", \"CVE-2021-28715\", \"CVE-2022-0492\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2022-1563\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.262-135.489.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.262-135.489.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T15:08:09", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5377-1 advisory.\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-14T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-5377-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-4135", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-1055", "CVE-2022-27666"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1032-bluefield", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts"], "id": "UBUNTU_USN-5377-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159729", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5377-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159729);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-4135\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2021-45469\",\n \"CVE-2021-45480\",\n \"CVE-2022-0435\",\n \"CVE-2022-0492\",\n \"CVE-2022-1055\",\n \"CVE-2022-27666\"\n );\n script_xref(name:\"USN\", value:\"5377-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-5377-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5377-1 advisory.\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds\n memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and\n net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap\n objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5377-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1032-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.4.0': {\n 'bluefield': '5.4.0-1032'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5377-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-4135', 'CVE-2021-28711', 'CVE-2021-28712', 'CVE-2021-28713', 'CVE-2021-28714', 'CVE-2021-28715', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45095', 'CVE-2021-45469', 'CVE-2021-45480', 'CVE-2022-0435', 'CVE-2022-0492', 'CVE-2022-1055', 'CVE-2022-27666');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5377-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:44:39", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5294-2 advisory.\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-22T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5294-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22600", "CVE-2021-39685", "CVE-2021-4083", "CVE-2021-4155", "CVE-2021-4202", "CVE-2021-43975", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-100-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-100-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-100-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1015-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-bluefield", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1053-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1056-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1064-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1065-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1066-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-azure-fde"], "id": "UBUNTU_USN-5294-2.NASL", "href": "https://www.tenable.com/plugins/nessus/158253", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5294-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158253);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-4083\",\n \"CVE-2021-4155\",\n \"CVE-2021-4202\",\n \"CVE-2021-22600\",\n \"CVE-2021-39685\",\n \"CVE-2021-43975\",\n \"CVE-2022-0330\",\n \"CVE-2022-22942\"\n );\n script_xref(name:\"USN\", value:\"5294-2\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5294-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5294-2 advisory.\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5294-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39685\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-100-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-100-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-100-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1015-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-bluefield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1034-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1053-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1056-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1064-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1065-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1066-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1070-azure-fde\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-100',\n 'generic-lpae': '5.4.0-100',\n 'lowlatency': '5.4.0-100',\n 'ibm': '5.4.0-1015',\n 'gkeop': '5.4.0-1034',\n 'raspi': '5.4.0-1053',\n 'oracle': '5.4.0-1064',\n 'gcp': '5.4.0-1065',\n 'aws': '5.4.0-1066',\n 'azure': '5.4.0-1070'\n }\n },\n '20.04': {\n '5.4.0': {\n 'ibm': '5.4.0-1015',\n 'bluefield': '5.4.0-1028',\n 'gkeop': '5.4.0-1034',\n 'raspi': '5.4.0-1053',\n 'kvm': '5.4.0-1056',\n 'oracle': '5.4.0-1064',\n 'gcp': '5.4.0-1065',\n 'aws': '5.4.0-1066',\n 'azure-fde': '5.4.0-1070'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5294-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-4083', 'CVE-2021-4155', 'CVE-2021-4202', 'CVE-2021-22600', 'CVE-2021-39685', 'CVE-2021-43975', 'CVE-2022-0330', 'CVE-2022-22942');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5294-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:33:00", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5050 advisory.\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. (CVE-2022-23222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-21T00:00:00", "type": "nessus", "title": "Debian DSA-5050-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0185", "CVE-2022-23222"], "modified": "2023-01-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:bpftool", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:linux-doc", "p-cpe:/a:debian:debian_linux:linux-doc-5.10", "p-cpe:/a:debian:debian_linux:linux-headers-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-686-dbg", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-x86", "p-cpe:/a:debian:debian_linux:linux-config-5.10", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-686", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-686-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-cloud-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-s390x", "p-cpe:/a:debian:debian_linux:linux-image-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-5.10", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-perf", "p-cpe:/a:debian:debian_linux:linux-perf-5.10", "p-cpe:/a:debian:debian_linux:linux-source", "p-cpe:/a:debian:debian_linux:linux-source-5.10", "p-cpe:/a:debian:debian_linux:linux-support-5.10.0-10", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-cloud-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-common", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-cloud-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-octeon", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-s390x", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-armmp", "p-cpe:/a:debian:debian_linux:linux-image-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-marvell", "p-cpe:/a:debian:debian_linux:linux-image-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-octeon", "p-cpe:/a:debian:debian_linux:linux-image-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rpi", "p-cpe:/a:debian:debian_linux:linux-image-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-rt-armmp", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:usbip", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-s390x-di", "cpe:/o:debian:debian_linux:11.0", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-octeon-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-s390x-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-octeon-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-s390x-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-armmp-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-marvell-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-armmp-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-marvell-di", "p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-10-loongson-3-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-10-powerpc64le-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-9-loongson-3-di", "p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-9-powerpc64le-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-4kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-5kc-malta-di", "p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-armmp-di"], "id": "DEBIAN_DSA-5050.NASL", "href": "https://www.tenable.com/plugins/nessus/156950", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5050. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156950);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/16\");\n\n script_cve_id(\n \"CVE-2021-4155\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-39685\",\n \"CVE-2021-45095\",\n \"CVE-2021-45469\",\n \"CVE-2021-45480\",\n \"CVE-2022-0185\",\n \"CVE-2022-23222\"\n );\n\n script_name(english:\"Debian DSA-5050-1 : linux - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5050 advisory.\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds\n memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of\n the availability of pointer arithmetic via certain *_OR_NULL pointer types. (CVE-2022-23222)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/linux\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-23222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 5.10.92-1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23222\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0185\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-cloud-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-10-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-686-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-cloud-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-cloud-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-10-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-5.10.0-10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-10-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-9-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'bpftool', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'dasd-extra-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'dasd-extra-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'dasd-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'dasd-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'efi-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'efi-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fancontrol-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fancontrol-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'hyperv-daemons', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'hypervisor-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'hypervisor-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ipv6-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ipv6-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jffs2-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jffs2-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'libcpupower-dev', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'libcpupower1', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-arm', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-s390', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-x86', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-config-5.10', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-cpupower', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-doc', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-doc-5.10', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-4kc-malta', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-4kc-malta', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-5kc-malta', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-686', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-686-pae', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-amd64', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-arm64', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-armmp', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-armmp-lpae', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-cloud-amd64', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-cloud-arm64', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-common', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-common-rt', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-loongson-3', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-marvell', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-octeon', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-powerpc64le', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-rpi', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-rt-686-pae', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-rt-amd64', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-rt-arm64', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-rt-armmp', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-10-s390x', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5kc-malta', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-armmp', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-armmp-lpae', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-loongson-3', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-marvell', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-octeon', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-powerpc64le', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-rpi', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-rt-armmp', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-headers-s390x', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-4kc-malta', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-4kc-malta-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-4kc-malta', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-4kc-malta-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-5kc-malta', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-5kc-malta-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-686-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-686-pae-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-686-pae-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-686-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-amd64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-amd64-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-arm64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-arm64-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-armmp', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-armmp-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-armmp-lpae', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-armmp-lpae-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-cloud-amd64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-cloud-amd64-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-cloud-arm64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-cloud-arm64-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-loongson-3', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-loongson-3-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-marvell', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-marvell-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-octeon', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-octeon-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-powerpc64le', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-powerpc64le-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rpi', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rpi-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rt-686-pae-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rt-686-pae-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rt-amd64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rt-amd64-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rt-arm64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rt-arm64-unsigned', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rt-armmp', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-rt-armmp-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-s390x', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-10-s390x-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5kc-malta', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-5kc-malta-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-686-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-686-pae-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-amd64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-amd64-signed-template', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-arm64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-arm64-signed-template', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-armmp', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-lpae', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-lpae-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-cloud-amd64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-cloud-arm64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-i386-signed-template', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-loongson-3', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-loongson-3-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-marvell', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-marvell-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-octeon', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-octeon-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-powerpc64le', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-powerpc64le-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-rpi', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-rpi-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-686-pae-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-amd64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-arm64-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-armmp', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-armmp-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-s390x', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-image-s390x-dbg', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-kbuild-5.10', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-libc-dev', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-perf', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-perf-5.10', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-source', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-source-5.10', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'linux-support-5.10.0-10', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nfs-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nfs-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'rtc-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'rtc-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-9-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-10-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-9-s390x-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-9-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'serial-modules-5.10.0-10-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'serial-modules-5.10.0-9-powerpc64le-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-10-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-9-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-9-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-9-octeon-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'speakup-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'speakup-modules-5.10.0-9-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-10-4kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-10-5kc-malta-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-10-armmp-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-10-loongson-3-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-10-marvell-di', 'reference': '5.10.92-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-10-octeon-di', 'reference'

Debian DSA-5096-1 : linux - security update

Description

Related