The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory.
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. (CVE-2023-2176)
Information exposure through microarchitectural state after transient execution from some register files for some Intel® Atom® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2023-28746)
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this could be exploited in a real world scenario. This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
(CVE-2023-47233)
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. (CVE-2023-52429)
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG:
unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF:
error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU:
3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP:
0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90 RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000 RBP: ffff8881178d8cbf R08:
ffffc90000793c22 R09: 0000000000000000 R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000 R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22 FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2:
ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ?
__die+0x23/0x70 ? page_fault_oops+0x181/0x480 ? search_module_extables+0x19/0x60 ? srso_alias_return_thunk+0x5/0xfbef5 ? exc_page_fault+0x1b6/0x1c0 ? asm_exc_page_fault+0x26/0x30 ? smb2_parse_contexts+0xa0/0x3a0 [cifs] SMB2_open+0x38d/0x5f0 [cifs] ? smb2_is_path_accessible+0x138/0x260 [cifs] smb2_is_path_accessible+0x138/0x260 [cifs] cifs_is_path_remote+0x8d/0x230 [cifs] cifs_mount+0x7e/0x350 [cifs] cifs_smb3_do_mount+0x128/0x780 [cifs] smb3_get_tree+0xd9/0x290 [cifs] vfs_get_tree+0x2c/0x100 ? capable+0x37/0x70 path_mount+0x2d7/0xb80 ? srso_alias_return_thunk+0x5/0xfbef5 ?
_raw_spin_unlock_irqrestore+0x44/0x60 __x64_sys_mount+0x11a/0x150 do_syscall_64+0x47/0xf0 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f8737657b1e (CVE-2023-52434)
In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the kernel in skb_segment() [1] GSO_BY_FRAGS is a forbidden value, but unfortunately the following computation in skb_segment() can reach it quite easily :
mss = mss * partial_segs; 65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to a bad final result. Make sure to limit segmentation so that the new mss value is smaller than GSO_BY_FRAGS. [1] general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 1 PID: 5079 Comm: syz- executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX:
ffffffff886b1597 RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000002 R12:
ffff888063202ac0 R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046 FS:
0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400 Call Trace: <TASK> udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109 ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120 skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53
__skb_gso_segment+0x339/0x710 net/core/gso.c:124 skb_gso_segment include/net/gso.h:83 [inline] validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626 __dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338 dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x257/0x380 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745
__sys_sendto+0x255/0x340 net/socket.c:2190 __do_sys_sendto net/socket.c:2202 [inline] __se_sys_sendto net/socket.c:2198 [inline] __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f8692032aa9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9 RDX:
0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480 R13:
0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003 </TASK> Modules linked in: —[ end trace 0000000000000000 ]— RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS:
00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597 RDX: 000000000000000e RSI:
ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R0 —truncated— (CVE-2023-52435)
In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will always be set from the callers, let’s just remove it. (CVE-2023-52583)
In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, and then devres , including the clocks, will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller. This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN. Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller. (CVE-2023-52584)
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv->lock
while iterating the priv->multicast_list
in ipoib_mcast_join_task()
opens a window for ipoib_mcast_dev_flush()
to remove the items while in the middle of iteration. If the mcast is removed while the lock was dropped, the for loop spins forever resulting in a hard lockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel): Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)
-----------------------------------±---------------------------------- ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work) spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, …) list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev) &priv->multicast_list, list) | ipoib_mcast_join(dev, mcast) | spin_unlock_irq(&priv->lock) | | spin_lock_irqsave(&priv->lock, flags) | list_for_each_entry_safe(mcast, tmcast, | &priv->multicast_list, list) | list_del(&mcast->list); | list_add_tail(&mcast->list, &remove_list) | spin_unlock_irqrestore(&priv->lock, flags) spin_lock_irq(&priv->lock) | | ipoib_mcast_remove_list(&remove_list) (Here, mcast
is no longer on the | list_for_each_entry_safe(mcast, tmcast, priv->multicast_list
and we keep | remove_list, list) spinning on the remove_list
of | >>> wait_for_completion(&mcast->done) the other thread which is blocked | and the list is still valid on | it’s stack.) Fix this by keeping the lock held and changing to GFP_ATOMIC to prevent eventual sleeps. Unfortunately we could not reproduce the lockup and confirm this fix but based on the code review I think this fix should address such lockups. crash> bc 31 PID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: kworker/u72:2 – [exception RIP: ipoib_mcast_join_task+0x1b1] RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002 RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000 work (&priv->mcast_task{,.work}) RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000 &mcast->list RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000 R10: ff646f199a8c7e00 R11:
ff1c6a191a7d9800 R12: ff1c6a192d60ac00 mcast R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15:
ff1c6a1a04dc82d8 dev priv (&priv->lock) &priv->multicast_list (aka head) ORIG_RAX: ffffffffffffffff CS:
0010 SS: 0018 — <NMI exception stack> — #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib] #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967 crash> rx ff646f199a8c7e68 ff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work crash> list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000 (empty) crash> ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000 mcast_task.work.func = 0xffffffffc0944910 <ipoib_mcast_join_task>, mcast_mutex.owner.counter = 0xff1c69998efec000 crash> b 8 PID:
8 TASK: ff1c69998efec000 CPU: 33 COMMAND: kworker/u72:0 – #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646 #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib] #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib] #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib] #7 [ff
—truncated— (CVE-2023-52587)
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration It needs to add missing gcing flag on page during block migration, in order to garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency between data and node may cause data corruption after SPOR. Similar issue was fixed by commit 2d1fe8a86bf5 (f2fs: fix to tag gcing flag on page during file defragment). (CVE-2023-52588)
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won’t be running, and proceeds in the stop procedure. This is not the case, as the interrupt handler can already be running, which would lead to the ISP being disabled while the interrupt handler handling a captured frame. This brings up two issues: 1) the ISP could be powered off while the interrupt handler is still running and accessing registers, leading to board lockup, and 2) the interrupt handler code and the code that disables the streaming might do things that conflict. It is not clear to me if 2) causes a real issue, but 1) can be seen with a suitable delay (or printk in my case) in the interrupt handler, leading to board lockup. (CVE-2023-52589)
In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Since ‘ieee80211_beacon_get()’ can return NULL, ‘wfx_set_mfp_ap()’ should check the return value before examining skb data. So convert the latter to return an appropriate error code and propagate it to return from ‘wfx_start_ap()’ as well. Compile tested only. (CVE-2023-52593)
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array- index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case. Found by a modified version of syzkaller. UBSAN: array-index-out-of-bounds in htc_drv_txrx.c index 13 is out of range for type ‘__wmi_event_txstatus [12]’ Call Trace: ath9k_htc_txstatus ath9k_wmi_event_tasklet tasklet_action_common __do_softirq irq_exit_rxu sysvec_apic_timer_interrupt (CVE-2023-52594)
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. If we don’t manually stop the beacon queue, the queue will be deadlocked and unable to start again. This patch fixes the issue where Apple devices cannot connect to the AP after calling ieee80211_restart_hw().
(CVE-2023-52595)
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space / host process fpc register value, however it will be discarded, when returning to user space. In result the host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu.
Fix this by simply removing the test. There is another test right before the SIE context is entered which will handles invalid values. This results in a change of behaviour: invalid values will now be accepted instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is most likely not used anymore, and this is in addition the same behaviour implemented with the memory mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c. (CVE-2023-52597)
In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the tracing process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space.
test_fp_ctl() restores the original user space fpc register value, however it will be discarded, when returning to user space. In result the tracer will incorrectly continue to run with the value that was supposed to be used for the traced process. Fix this by saving fpu register contents with save_fpu_regs() before using test_fp_ctl(). (CVE-2023-52598)
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type ‘struct iagctl[128]’ CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360 diAllocExt fs/jfs/jfs_imap.c:1949 [inline] diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666 diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225 vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106 do_mkdirat+0x264/0x3a0 fs/namei.c:4129
__do_sys_mkdir fs/namei.c:4149 [inline] __se_sys_mkdir fs/namei.c:4147 [inline] __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7fcb7e6a0b57 Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP:
002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX:
00000000ffffffff RCX: 00007fcb7e6a0b57 RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140 RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11:
0000000000000286 R12: 00007ffd830230d0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [Analysis] When the agstart is too large, it can cause agno overflow. [Fix] After obtaining agno, if the value is invalid, exit the subsequent process. Modified the test from agno > MAXAG to agno >= MAXAG based on linux-next report by kernel test robot (Dan Carpenter). (CVE-2023-52599)
In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the object ipimap that has been released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs when rcu_core() calls jfs_free_node(). Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as ipimap. (CVE-2023-52600)
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add the required check added the bool is_ctl which is required to determine the size as suggest in the following commit. https://lore.kernel.org/linux-kernel- mentees/[email protected]/ (CVE-2023-52601)
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch Currently while searching for current page in the sorted entry table of the page there is a out of bound access. Added a bound check to fix the error. Dave: Set return code to -EIO (CVE-2023-52602)
In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN:
array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9 index -2 is out of range for type ‘struct dtslot [128]’ CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: <TASK>
__dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283 dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971 dtSplitUp fs/jfs/jfs_dtree.c:985 [inline] dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863 jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270 vfs_mkdir+0x3b3/0x590 fs/namei.c:4013 do_mkdirat+0x279/0x550 fs/namei.c:4038 __do_sys_mkdirat fs/namei.c:4053 [inline] __se_sys_mkdirat fs/namei.c:4051 [inline] __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fcdc0113fd9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9 RDX:
0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 RBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0 R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000 R13:
0000000000000000 R14: 00083878000000f8 R15: 0000000000000000 </TASK> The issue is caused when the value of fsi becomes less than -1. The check to break the loop when fsi value becomes -1 is present but syzbot was able to produce value less than -1 which cause the error. This patch simply add the change for the values less than 0. The patch is tested via syzbot. (CVE-2023-52603)
In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type ‘s8[1365]’ (aka ‘signed char[1365]’) CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> ================================================================================ Kernel panic - not syncing: UBSAN: panic_on_warn set … CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace:
<TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds… The issue is caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a simple check solves this issue. Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama’s patch at use WARN_ON_ONCE for lack of a cleaner option. The patch is tested via syzbot. (CVE-2023-52604)
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption. (CVE-2023-52606)
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.
(CVE-2023-52607)
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this issue was ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will be triggered when calculating the Za value for SM2 separately. (CVE-2023-52616)
In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove().
Otherwise the last ref would vanish with the trailing put_device(), just before return. At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer. Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent future accidents. Reproducible via the script at https://lore.kernel.org/r/[email protected] (CVE-2023-52617)
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since dev_search_path can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into full_path since it was also PATH_MAX sized. The W=1 builds were reporting this warning: drivers/block/rnbd/rnbd-srv.c: In function ‘process_msg_open.isra’:
drivers/block/rnbd/rnbd-srv.c:616:51: warning: ‘%s’ directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=] 616 | snprintf(full_path, PATH_MAX, %s/%s, | ^~ In function ‘rnbd_srv_get_full_path’, inlined from ‘process_msg_open.isra’ at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: ‘snprintf’ output between 2 and 4351 bytes into a destination of size 4096 616 | snprintf(full_path, PATH_MAX, %s/%s, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 617 | dev_search_path, dev_name); | ~~~~~~~~~~~~~~~~~~~~~~~~~~ To fix this, unconditionally check for truncation (as was already done for the case where %SESSNAME% was present). (CVE-2023-52618)
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become: addr of zone0 = BASE addr of zone1 = BASE + zone_size addr of zone2 = BASE + zone_size*2 … The address of zone1/3/5/7 will be mapped to non-alignment va. Eventually crashes will occur when accessing these va. So, use ALIGN_DOWN() to make sure the zone size is even to avoid this bug. (CVE-2023-52619)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. (CVE-2023-52620)
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpf_jit_enable=0): WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 … CPU:
3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) … RIP: 0010:bpf_map_lookup_elem+0x54/0x60 … Call Trace: <TASK> ? __warn+0xa5/0x240 ? bpf_map_lookup_elem+0x54/0x60 ? report_bug+0x1ba/0x1f0 ? handle_bug+0x40/0x80 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1b/0x20 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ? rcu_lockdep_current_cpu_online+0x65/0xb0 ? rcu_is_watching+0x23/0x50 ? bpf_map_lookup_elem+0x54/0x60 ?
__pfx_bpf_map_lookup_elem+0x10/0x10 ___bpf_prog_run+0x513/0x3b70 __bpf_prog_run32+0x9d/0xd0 ?
__bpf_prog_enter_sleepable_recur+0xad/0x120 ? __bpf_prog_enter_sleepable_recur+0x3e/0x120 bpf_trampoline_6442580665+0x4d/0x1000 __x64_sys_getpgid+0x5/0x30 ? do_syscall_64+0x36/0xb0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK> (CVE-2023-52621)
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4
-F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered:
================================================================== WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Call Trace: <TASK>
__kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80
__ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90 ================================================================== This is because flexbg_size is too large and the size of the new_group_data array to be allocated exceeds MAX_ORDER. Currently, the minimum value of MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding maximum number of groups that can be allocated is: (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) 21845 And the value that is down-aligned to the power of 2 is 16384. Therefore, this value is defined as MAX_RESIZE_BG, and the number of groups added each time does not exceed this value during resizing, and is added multiple times to complete the online resizing. The difference is that the metadata in a flex_bg may be more dispersed. (CVE-2023-52622)
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: [ 57.202521] ============================= [ 57.202522] WARNING: suspicious RCU usage [ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted [ 57.202525] ----------------------------- [ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!! [ 57.202527] other info that might help us debug this: [ 57.202528] rcu_scheduler_active = 2, debug_locks = 1 [ 57.202529] no locks held by test5/3567. [ 57.202530] stack backtrace: [ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e [ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022 [ 57.202536] Call Trace: [ 57.202537] <TASK> [ 57.202540] dump_stack_lvl+0x77/0xb0 [ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0 [ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202671] ?
__pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202866] write_cache_pages+0x265/0x450 [ 57.202870] ?
__pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202913] do_writepages+0xd2/0x230 [ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80 [ 57.202921] filemap_fdatawrite_wbc+0x67/0x80 [ 57.202924] filemap_write_and_wait_range+0xd9/0x170 [ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202969]
__se_sys_close+0x46/0xd0 [ 57.202972] do_syscall_64+0x68/0x100 [ 57.202975] ? do_syscall_64+0x77/0x100 [ 57.202976] ? do_syscall_64+0x77/0x100 [ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 57.202982] RIP: 0033:0x7fe2b12e4a94 [ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3 [ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX:
0000000000000003 [ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94 [ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003 [ 57.202992] RBP:
00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49 [ 57.202993] R10: 00007f —truncated— (CVE-2023-52623)
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: Fix an UBSAN shift-out-of- bounds warning When iocg_kick_delay() is called from a CPU different than the one which set the delay, @now may be in the past of @iocg->delay_at leading to the following warning: UBSAN: shift-out-of-bounds in block/blk-iocost.c:1359:23 shift exponent 18446744073709 is too large for 64-bit type ‘u64’ (aka ‘unsigned long long’) … Call Trace: <TASK> dump_stack_lvl+0x79/0xc0 __ubsan_handle_shift_out_of_bounds+0x2ab/0x300 iocg_kick_delay+0x222/0x230 ioc_rqos_merge+0x1d7/0x2c0 __rq_qos_merge+0x2c/0x80 bio_attempt_back_merge+0x83/0x190 blk_attempt_plug_merge+0x101/0x150 blk_mq_submit_bio+0x2b1/0x720 submit_bio_noacct_nocheck+0x320/0x3e0 __swap_writepage+0x2ab/0x9d0 The underflow itself doesn’t really affect the behavior in any meaningful way; however, the past timestamp may exaggerate the delay amount calculated later in the code, which shouldn’t be a material problem given the nature of the delay mechanism. If @now is in the past, this CPU is racing another CPU which recently set up the delay and there’s nothing this CPU can contribute w.r.t. the delay. Let’s bail early from iocg_kick_delay() in such cases. (CVE-2023-52630)
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The size comes from le32_to_cpu(attr->res.data_size) so it can’t overflow on a 64bit systems but on 32bit systems the + 1023 can overflow and the result is zero. This means that the kmalloc will succeed by returning the ZERO_SIZE_PTR and then the memcpy() will crash with an Oops on the next line. (CVE-2023-52631)
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 Not tainted
------------------------------------------------------ kworker/0:2/996 is trying to acquire lock:
(srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0 but task is already holding lock:
((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at: process_one_work+0x211/0x560 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}: __flush_work+0x88/0x4f0 svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu] svm_range_set_attr+0xd6/0x14c0 [amdgpu] kfd_ioctl+0x1d1/0x630 [amdgpu] __x64_sys_ioctl+0x88/0xc0 -> #2 (&info->lock#2){+.+.}-{3:3}:
__mutex_lock+0x99/0xc70 amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu] restore_process_helper+0x22/0x80 [amdgpu] restore_process_worker+0x2d/0xa0 [amdgpu] process_one_work+0x29b/0x560 worker_thread+0x3d/0x3d0 -> #1 ((work_completion)(&(&process->restore_work)->work)){+.+.}-{0:0}: __flush_work+0x88/0x4f0
__cancel_work_timer+0x12c/0x1c0 kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]
__mmu_notifier_release+0xad/0x240 exit_mmap+0x6a/0x3a0 mmput+0x6a/0x120 do_exit+0x322/0xb90 do_group_exit+0x37/0xa0 __x64_sys_exit_group+0x18/0x20 do_syscall_64+0x38/0x80 -> #0 (srcu){.+.+}-{0:0}:
__lock_acquire+0x1521/0x2510 lock_sync+0x5f/0x90 __synchronize_srcu+0x4f/0x1a0
__mmu_notifier_release+0x128/0x240 exit_mmap+0x6a/0x3a0 mmput+0x6a/0x120 svm_range_deferred_list_work+0x19f/0x350 [amdgpu] process_one_work+0x29b/0x560 worker_thread+0x3d/0x3d0 other info that might help us debug this: Chain exists of: srcu –> &info->lock#2 –> (work_completion)(&svms->deferred_list_work) Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock((work_completion)(&svms->deferred_list_work)); lock(&info->lock#2);
lock((work_completion)(&svms->deferred_list_work)); sync(srcu); (CVE-2023-52632)
In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption In ‘basic’ time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at arbitrary points in time, i.e. while in timer_read(), which pushes time forward just a little bit. Then, if we happen to get the interrupt after calculating the new time to push to, but before actually finishing that, the interrupt will set the time to a value that’s incompatible with the forward, and we’ll crash because time goes backwards when we do the forwarding. Fix this by reading the time_travel_time, calculating the adjustment, and doing the adjustment all with interrupts disabled. (CVE-2023-52633)
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from cancel_delayed_work_sync() and followed by expire_timers() can be seen from the traces[1]. while true do echo simple_ondemand > /sys/class/devfreq/1d84000.ufshc/governor echo performance > /sys/class/devfreq/1d84000.ufshc/governor done It looks to be issue with devfreq driver where device_monitor_[start/stop] need to synchronized so that delayed work should get corrupted while it is either being queued or running or being cancelled.
Let’s use polling flag and devfreq lock to synchronize the queueing the timer instance twice and work data being corrupted. [1] … … <idle>-0 [003] 9436.209662: timer_cancel timer=0xffffff80444f0428 <idle>-0 [003] 9436.209664: timer_expire_entry timer=0xffffff80444f0428 now=0x10022da1c function=__typeid__ZTSFvP10timer_listE_global_addr baseclk=0x10022da1c <idle>-0 [003] 9436.209718:
timer_expire_exit timer=0xffffff80444f0428 kworker/u16:6-14217 [003] 9436.209863: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2b now=0x10022da1c flags=182452227 vendor.xxxyyy.ha-1593 [004] 9436.209888: timer_cancel timer=0xffffff80444f0428 vendor.xxxyyy.ha-1593 [004] 9436.216390: timer_init timer=0xffffff80444f0428 vendor.xxxyyy.ha-1593 [004] 9436.216392: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2c now=0x10022da1d flags=186646532 vendor.xxxyyy.ha-1593 [005] 9436.220992: timer_cancel timer=0xffffff80444f0428 xxxyyyTraceManag-7795 [004] 9436.261641: timer_cancel timer=0xffffff80444f0428 [2] 9436.261653][ C4] Unable to handle kernel paging request at virtual address dead00000000012a [ 9436.261664][ C4] Mem abort info: [ 9436.261666][ C4] ESR = 0x96000044 [ 9436.261669][ C4] EC = 0x25: DABT (current EL), IL = 32 bits [ 9436.261671][ C4] SET = 0, FnV = 0 [ 9436.261673][ C4] EA = 0, S1PTW = 0 [ 9436.261675][ C4] Data abort info: [ 9436.261677][ C4] ISV = 0, ISS = 0x00000044 [ 9436.261680][ C4] CM = 0, WnR = 1 [ 9436.261682][ C4] [dead00000000012a] address between user and kernel address ranges [ 9436.261685][ C4] Internal error: Oops: 96000044 [#1] PREEMPT SMP [ 9436.261701][ C4] Skip md ftrace buffer dump for: 0x3a982d0 … [ 9436.262138][ C4] CPU: 4 PID: 7795 Comm: TraceManag Tainted: G S W O 5.10.149-android12-9-o-g17f915d29d0c #1 [ 9436.262141][ C4] Hardware name: Qualcomm Technologies, Inc. (DT) [ 9436.262144][ C4] pstate: 22400085 (nzCv daIf +PAN -UAO +TCO BTYPE=–) [ 9436.262161][ C4] pc : expire_timers+0x9c/0x438 [ 9436.262164][ C4] lr :
expire_timers+0x2a4/0x438 [ 9436.262168][ C4] sp : ffffffc010023dd0 [ 9436.262171][ C4] x29:
ffffffc010023df0 x28: ffffffd0636fdc18 [ 9436.262178][ C4] x27: ffffffd063569dd0 x26: ffffffd063536008 [ 9436.262182][ C4] x25: 0000000000000001 x24: ffffff88f7c69280 [ 9436.262185][ C4] x23: 00000000000000e0 x22: dead000000000122 [ 9436.262188][ C4] x21: 000000010022da29 x20: ffffff8af72b4e80 [ 9436.262191][ C4] x19: ffffffc010023e50 x18: ffffffc010025038 [ 9436.262195][ C4] x17: 0000000000000240 x16:
0000000000000201 [ 9436.262199][ C4] x15: ffffffffffffffff x14: ffffff889f3c3100 [ 9436.262203][ C4] x13:
ffffff889f3c3100 x12: 00000000049f56b8 [ 9436.262207][ C4] x11: 00000000049f56b8 x10: 00000000ffffffff [ 9436.262212][ C4] x9 : ffffffc010023e50 x8 : dead000000000122 [ 9436.262216][ C4] x7 : ffffffffffffffff x6 : ffffffc0100239d8 [ 9436.262220][ C4] x5 : 0000000000000000 x4 : 0000000000000101 [ 9436.262223][ C4] x3 : 0000000000000080 x2 : ffffff8 —truncated— (CVE-2023-52635)
In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent UAF when setsockopt(…, SO_J1939_FILTER, …) modifies jsk->filters while receiving packets. Following trace was seen on affected system: ================================================================== BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] Read of size 4 at addr ffff888012144014 by task j1939/350 CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: print_report+0xd3/0x620 ? kasan_complete_mode_report_info+0x7d/0x200 ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] kasan_report+0xc2/0x100 ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] __asan_load4+0x84/0xb0 j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] j1939_sk_recv+0x20b/0x320 [can_j1939] ?
__kasan_check_write+0x18/0x20 ? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939] ? j1939_simple_recv+0x69/0x280 [can_j1939] ? j1939_ac_recv+0x5e/0x310 [can_j1939] j1939_can_recv+0x43f/0x580 [can_j1939] ?
__pfx_j1939_can_recv+0x10/0x10 [can_j1939] ? raw_rcv+0x42/0x3c0 [can_raw] ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939] can_rcv_filter+0x11f/0x350 [can] can_receive+0x12f/0x190 [can] ? __pfx_can_rcv+0x10/0x10 [can] can_rcv+0xdd/0x130 [can] ? __pfx_can_rcv+0x10/0x10 [can] __netif_receive_skb_one_core+0x13d/0x150 ?
__pfx___netif_receive_skb_one_core+0x10/0x10 ? __kasan_check_write+0x18/0x20 ?
_raw_spin_lock_irq+0x8c/0xe0 __netif_receive_skb+0x23/0xb0 process_backlog+0x107/0x260
__napi_poll+0x69/0x310 net_rx_action+0x2a1/0x580 ? __pfx_net_rx_action+0x10/0x10 ?
__pfx__raw_spin_lock+0x10/0x10 ? handle_irq_event+0x7d/0xa0 __do_softirq+0xf3/0x3f8 do_softirq+0x53/0x80 </IRQ> <TASK> __local_bh_enable_ip+0x6e/0x70 netif_rx+0x16b/0x180 can_send+0x32b/0x520 [can] ?
__pfx_can_send+0x10/0x10 [can] ? __check_object_size+0x299/0x410 raw_sendmsg+0x572/0x6d0 [can_raw] ?
__pfx_raw_sendmsg+0x10/0x10 [can_raw] ? apparmor_socket_sendmsg+0x2f/0x40 ? __pfx_raw_sendmsg+0x10/0x10 [can_raw] sock_sendmsg+0xef/0x100 sock_write_iter+0x162/0x220 ? __pfx_sock_write_iter+0x10/0x10 ?
__rtnl_unlock+0x47/0x80 ? security_file_permission+0x54/0x320 vfs_write+0x6ba/0x750 ?
__pfx_vfs_write+0x10/0x10 ? __fget_light+0x1ca/0x1f0 ? __rcu_read_unlock+0x5b/0x280 ksys_write+0x143/0x170 ? __pfx_ksys_write+0x10/0x10 ? __kasan_check_read+0x15/0x20 ? fpregs_assert_state_consistent+0x62/0x70
__x64_sys_write+0x47/0x60 do_syscall_64+0x60/0x90 ? do_syscall_64+0x6d/0x90 ? irqentry_exit+0x3f/0x50 ? exc_page_fault+0x79/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Allocated by task 348:
kasan_save_stack+0x2a/0x50 kasan_set_track+0x29/0x40 kasan_save_alloc_info+0x1f/0x30
__kasan_kmalloc+0xb5/0xc0 __kmalloc_node_track_caller+0x67/0x160 j1939_sk_setsockopt+0x284/0x450 [can_j1939] __sys_setsockopt+0x15c/0x2f0 __x64_sys_setsockopt+0x6b/0x80 do_syscall_64+0x60/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Freed by task 349: kasan_save_stack+0x2a/0x50 kasan_set_track+0x29/0x40 kasan_save_free_info+0x2f/0x50 __kasan_slab_free+0x12e/0x1c0
__kmem_cache_free+0x1b9/0x380 kfree+0x7a/0x120 j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0 __x64_sys_setsockopt+0x6b/0x80 do_syscall_64+0x60/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 (CVE-2023-52637)
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: - j1939_socks_lock - active_session_list_lock - sk_session_queue_lock A reasonable fix is to change j1939_socks_lock to an rwlock, since in the rare situations where a write lock is required for the linked list that j1939_socks_lock is protecting, the code does not attempt to acquire any more locks. This would break the circular lock dependency, where, for example, the current thread already locks j1939_socks_lock and attempts to acquire sk_session_queue_lock, and at the same time, another thread attempts to acquire j1939_socks_lock while holding sk_session_queue_lock. NOTE: This patch along does not fix the unregister_netdevice bug reported by Syzbot; instead, it solves a deadlock situation to prepare for one or more further patches to actually fix the Syzbot bug, which appears to be a reference counting problem within the j1939 codebase. [mkl: remove unrelated newline change] (CVE-2023-52638)
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { […] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm; Let children inherit the private field of the parent. (CVE-2023-52639)
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfs_listxattr The length of name cannot exceed the space occupied by ea. (CVE-2023-52640)
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() It is preferable to exit through the out: label because internal debugging functions are located there. (CVE-2023-52641)
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device
, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq
global queue. This could lead to a denial of service condition or potential code execution. (CVE-2023-6270)
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. (CVE-2023-7042)
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. (CVE-2024-0340)
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. (CVE-2024-0841)
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. (CVE-2024-1151)
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. (CVE-2024-22099)
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. (CVE-2024-23850)
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. (CVE-2024-23851)
A race condition was found in the Linux kernel’s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. (CVE-2024-24857)
A race condition was found in the Linux kernel’s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service. (CVE-2024-24858)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active. (CVE-2024-26581)
In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn’t take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb. (CVE-2024-26582)
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don’t futz with reiniting the completion, either, we are now tightly controlling when completion fires. (CVE-2024-26583)
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we’re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0. Compared to Sabrina’s original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical. (CVE-2024-26584)
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it’s the inverse order of what the submitting thread will do. (CVE-2024-26585)
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a different TCAM region where the filters are stored. During forwarding, the ACLs are sequentially evaluated until a match is found. One reason to place filters in different regions is when they are added with decreasing priorities and in an alternating order so that two consecutive filters can never fit in the same region because of their key usage. In Spectrum-2 and newer ASICs the firmware started to report that the maximum number of ACLs in a group is more than 16, but the layout of the register that configures ACL groups (PAGT) was not updated to account for that. It is therefore possible to hit stack corruption [1] in the rare case where more than 16 ACLs in a group are required. Fix by limiting the maximum ACL group size to the minimum between what the firmware reports and the maximum ACLs that fit in the PAGT register. Add a test case to make sure the machine does not crash when this condition is hit. [1] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120 […] dump_stack_lvl+0x36/0x50 panic+0x305/0x330 __stack_chk_fail+0x15/0x20 mlxsw_sp_acl_tcam_group_update+0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110 mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b (CVE-2024-26586)
In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However, syzkaller can generate inconsistent crafted images that use an unsupported algorithmtype for specific inodes, e.g.
use MicroLZMA algorithmtype even it’s not set in sbi->available_compr_algs
. This can lead to an unexpected BUG: kernel NULL pointer dereference if the corresponding decompressor isn’t built-in. Fix this by checking against sbi->available_compr_algs
for each m_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset bitmap is now fixed together since it was harmless previously.
(CVE-2024-26590)
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read. (CVE-2024-26593)
In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a wakeup for example: configfs-gadget.g1 gadget.0: ECM Suspend configfs-gadget.g1 gadget.0: Port suspended.
Triggering wakeup … Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute … PC is at 0x0 LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc] … musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core] usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether] eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4 sch_direct_xmit from __dev_queue_xmit+0x334/0xd88
__dev_queue_xmit from arp_solicit+0xf0/0x268 arp_solicit from neigh_probe+0x54/0x7c neigh_probe from
__neigh_event_send+0x22c/0x47c __neigh_event_send from neigh_resolve_output+0x14c/0x1c0 neigh_resolve_output from ip_finish_output2+0x1c8/0x628 ip_finish_output2 from ip_send_skb+0x40/0xd8 ip_send_skb from udp_send_skb+0x124/0x340 udp_send_skb from udp_sendmsg+0x780/0x984 udp_sendmsg from
__sys_sendto+0xd8/0x158 __sys_sendto from ret_fast_syscall+0x0/0x58 Let’s fix the issue by checking for send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL.
(CVE-2024-26600)
In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd (ext4: remove redundant mb_regenerate_buddy()) and reintroduces mb_regenerate_buddy(). Based on code in mb_free_blocks(), fast commit replay can end up marking as free blocks that are already marked as such. This causes corruption of the buddy bitmap so we need to regenerate it in that case. (CVE-2024-26601)
In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine. (CVE-2024-26602)
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer was taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible. In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever. Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size). [ dhansen: tweak subject / changelog ] (CVE-2024-26603)
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self- work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption.
Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won’t trigger a wakeup either as the thread has pending work. (CVE-2024-26606)
In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don’t force huge page alignment on 32 bit commit efa7df3e3bb5 (mm: align larger anonymous mappings on THP boundaries) caused two issues [1] [2] reported on 32 bit system or compat userspace. It doesn’t make too much sense to force huge page alignment on 32 bit system due to the constrained virtual address space. [1] https://lore.kernel.org/linux-mm/[email protected]/ [2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/ (CVE-2024-26621)
In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems. (CVE-2024-26622)
In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket.
In commit ff7b11aa481f (net: socket: set sock->sk to NULL after calling proto_ops::release()) Eric Biggers hinted that some protocols are missing a sock_orphan(), we need to perform a full audit. In net- next, I plan to clear sock->sk from sock_orphan() and amend Eric patch to add a warning. [1] BUG: KASAN:
slab-use-after-free in list_empty include/linux/list.h:373 [inline] BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline] BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline] BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27 CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0 Hardware name:
QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK>
__dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 list_empty include/linux/list.h:373 [inline] waitqueue_active include/linux/wait.h:127 [inline] sock_def_write_space_wfree net/core/sock.c:3384 [inline] sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080 skb_release_all net/core/skbuff.c:1092 [inline] napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404 e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970 e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline] e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801 __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [inline] net_rx_action+0x956/0xe90 net/core/dev.c:6778
__do_softirq+0x21a/0x8de kernel/softirq.c:553 run_ksoftirqd kernel/softirq.c:921 [inline] run_ksoftirqd+0x31/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164 kthread+0x2c6/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 </TASK> Allocated by task 5167:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879 alloc_inode_sb include/linux/fs.h:3019 [inline] sock_alloc_inode+0x25/0x1c0 net/socket.c:308 alloc_inode+0x5d/0x220 fs/inode.c:260 new_inode_pseudo+0x16/0x80 fs/inode.c:1005 sock_alloc+0x40/0x270 net/socket.c:634
__sock_create+0xbc/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create net/socket.c:1659 [inline] __sys_socket+0x14c/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720 [inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Freed by task 0: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inlin —truncated— (CVE-2024-26625)
In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding mcast packets The stacktrace was: [ 86.305548] BUG: kernel NULL pointer dereference, address:
0000000000000092 [ 86.306815] #PF: supervisor read access in kernel mode [ 86.307717] #PF:
error_code(0x0000) - not-present page [ 86.308624] PGD 0 P4D 0 [ 86.309091] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 86.309883] CPU: 2 PID: 3139 Comm: pimd Tainted: G U 6.8.0-6wind-knet #1 [ 86.311027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org 04/01/2014 [ 86.312728] RIP: 0010:ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985) [ 86.313399] Code:
f9 1f 0f 87 85 03 00 00 48 8d 04 5b 48 8d 04 83 49 8d 44 c5 00 48 8b 40 70 48 39 c2 0f 84 d9 00 00 00 49 8b 46 58 48 83 e0 fe <80> b8 92 00 00 00 00 0f 84 55 ff ff ff 49 83 47 38 01 45 85 e4 0f [ 86.316565] RSP:
0018:ffffad21c0583ae0 EFLAGS: 00010246 [ 86.317497] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
0000000000000000 [ 86.318596] RDX: ffff9559cb46c000 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.319627] RBP: ffffad21c0583b30 R08: 0000000000000000 R09: 0000000000000000 [ 86.320650] R10:
0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 86.321672] R13: ffff9559c093a000 R14:
ffff9559cc00b800 R15: ffff9559c09c1d80 [ 86.322873] FS: 00007f85db661980(0000) GS:ffff955a79d00000(0000) knlGS:0000000000000000 [ 86.324291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.325314] CR2:
0000000000000092 CR3: 000000002f13a000 CR4: 0000000000350ef0 [ 86.326589] Call Trace: [ 86.327036] <TASK> [ 86.327434] ? show_regs (/build/work/knet/arch/x86/kernel/dumpstack.c:479) [ 86.328049] ? __die (/build/work/knet/arch/x86/kernel/dumpstack.c:421 /build/work/knet/arch/x86/kernel/dumpstack.c:434) [ 86.328508] ? page_fault_oops (/build/work/knet/arch/x86/mm/fault.c:707) [ 86.329107] ? do_user_addr_fault (/build/work/knet/arch/x86/mm/fault.c:1264) [ 86.329756] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.330350] ? __irq_work_queue_local (/build/work/knet/kernel/irq_work.c:111 (discriminator 1)) [ 86.331013] ? exc_page_fault (/build/work/knet/./arch/x86/include/asm/paravirt.h:693 /build/work/knet/arch/x86/mm/fault.c:1515 /build/work/knet/arch/x86/mm/fault.c:1563) [ 86.331702] ? asm_exc_page_fault (/build/work/knet/./arch/x86/include/asm/idtentry.h:570) [ 86.332468] ? ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985) [ 86.333183] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.333920] ipmr_mfc_add (/build/work/knet/./include/linux/rcupdate.h:782 /build/work/knet/net/ipv4/ipmr.c:1009 /build/work/knet/net/ipv4/ipmr.c:1273) [ 86.334583] ? __pfx_ipmr_hash_cmp (/build/work/knet/net/ipv4/ipmr.c:363) [ 86.335357] ip_mroute_setsockopt (/build/work/knet/net/ipv4/ipmr.c:1470) [ 86.336135] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.336854] ? ip_mroute_setsockopt (/build/work/knet/net/ipv4/ipmr.c:1470) [ 86.337679] do_ip_setsockopt (/build/work/knet/net/ipv4/ip_sockglue.c:944) [ 86.338408] ? __pfx_unix_stream_read_actor (/build/work/knet/net/unix/af_unix.c:2862) [ 86.339232] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.339809] ? aa_sk_perm (/build/work/knet/security/apparmor/include/cred.h:153 /build/work/knet/security/apparmor/net.c:181) [ 86.340342] ip_setsockopt (/build/work/knet/net/ipv4/ip_sockglue.c:1415) [ 86.340859] raw_setsockopt (/build/work/knet/net/ipv4/raw.c:836) [ 86.341408] ? security_socket_setsockopt (/build/work/knet/security/security.c:4561 (discriminator 13)) [ 86.342116] sock_common_setsockopt (/build/work/knet/net/core/sock.c:3716) [ 86.342747] do_sock_setsockopt (/build/work/knet/net/socket.c:2313) [ 86.343363] __sys_setsockopt (/build/work/knet/./include/linux/file.h:32 /build/work/kn —truncated— (CVE-2024-26626)
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too heavy in case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each scsi_host_busy() iterates over (N * M) tag/requests If recovery is triggered in case that all requests are in-flight, each scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called for the last in- flight request, scsi_host_busy() has been run for (N * M - 1) times, and request has been iterated for (N*M - 1) * (N * M) times. If both N and M are big enough, hard lockup can be triggered on acquiring host lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169). Fix the issue by calling scsi_host_busy() outside the host lock. We don’t need the host lock for getting busy count because host the lock never covers that. [mkp: Drop unnecessary ‘busy’ variables pointed out by Bart] (CVE-2024-26627)
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for nfsd4_release_lockowner(), the test on so_count can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour. If RELEASE_LOCKOWNER is sent while some other thread is still processing a LOCK request which failed because, at the time that request was received, the given owner held a conflicting lock, then the nfsd thread processing that LOCK request can hold a reference (conflock) to the lock owner that causes nfsd4_release_lockowner() to return an incorrect error.
The Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it never sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, so it knows that the error is impossible. It assumes the lock owner was in fact released so it feels free to use the same lock owner identifier in some later locking request.
When it does reuse a lock owner identifier for which a previous RELEASE failed, it will naturally use a lock_seqid of zero. However the server, which didn’t release the lock owner, will expect a larger lock_seqid and so will respond with NFS4ERR_BAD_SEQID. So clearly it is harmful to allow a false positive, which testing so_count allows. The test is nonsense because … well… it doesn’t mean anything. so_count is the sum of three different counts. 1/ the set of states listed on so_stateids 2/ the set of active vfs locks owned by any of those states 3/ various transient counts such as for conflicting locks. When it is tested against ‘2’ it is clear that one of these is the transient reference obtained by find_lockowner_str_locked(). It is not clear what the other one is expected to be. In practice, the count is often 2 because there is precisely one state on so_stateids. If there were more, this would fail. In my testing I see two circumstances when RELEASE_LOCKOWNER is called. In one case, CLOSE is called before RELEASE_LOCKOWNER. That results in all the lock states being removed, and so the lockowner being discarded (it is removed when there are no more references which usually happens when the lock state is discarded).
When nfsd4_release_lockowner() finds that the lock owner doesn’t exist, it returns success. The other case shows an so_count of ‘2’ and precisely one state listed in so_stateid. It appears that the Linux client uses a separate lock owner for each file resulting in one lock state per lock owner, so this test on ‘2’ is safe. For another client it might not be safe. So this patch changes check_for_locks() to use the (newish) find_any_file_locked() so that it doesn’t take a reference on the nfs4_file and so never calls nfsd_file_put(), and so never sleeps. With this check is it safe to restore the use of check_for_locks() rather than testing so_count against the mysterious ‘2’. (CVE-2024-26629)
In the Linux kernel, the following vulnerability has been resolved: mm, kmsan: fix infinite recursion due to RCU critical section Alexander Potapenko writes in [1]: For every memory access in the code instrumented by KMSAN we call kmsan_get_metadata() to obtain the metadata for the memory being accessed.
For virtual memory the metadata pointers are stored in the corresponding struct page
, therefore we need to call virt_to_page() to get them. According to the comment in arch/x86/include/asm/page.h, virt_to_page(kaddr) returns a valid pointer iff virt_addr_valid(kaddr) is true, so KMSAN needs to call virt_addr_valid() as well. To avoid recursion, kmsan_get_metadata() must not call instrumented code, therefore ./arch/x86/include/asm/kmsan.h forks parts of arch/x86/mm/physaddr.c to check whether a virtual address is valid or not. But the introduction of rcu_read_lock() to pfn_valid() added instrumented RCU API calls to virt_to_page_or_null(), which is called by kmsan_get_metadata(), so there is an infinite recursion now. I do not think it is correct to stop that recursion by doing kmsan_enter_runtime()/kmsan_exit_runtime() in kmsan_get_metadata(): that would prevent instrumented functions called from within the runtime from tracking the shadow values, which might introduce false positives. Fix the issue by switching pfn_valid() to the _sched() variant of rcu_read_lock/unlock(), which does not require calling into RCU. Given the critical section in pfn_valid() is very small, this is a reasonable trade-off (with preemptible RCU). KMSAN further needs to be careful to suppress calls into the scheduler, which would be another source of recursion. This can be done by wrapping the call to pfn_valid() into preempt_disable/enable_no_resched(). The downside is that this sacrifices breaking scheduling guarantees; however, a kernel compiled with KMSAN has already given up any performance guarantees due to being heavily instrumented. Note, KMSAN code already disables tracing via Makefile, and since mmzone.h is included, it is not necessary to use the notrace variant, which is generally preferred in all other cases. (CVE-2024-26639)
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must not be a compound one. - page->mapping must be NULL. This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy. r3 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)=‘./file0\x00’, 0x181e42, 0x0) fallocate(r5, 0x0, 0x0, 0x85b8) sendfile(r4, r5, 0x0, 0x8ba0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)=‘./file0\x00’, 0x181e42, 0x0) (CVE-2024-26640)
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG:
KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 (CVE-2024-26641)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. (CVE-2024-26642)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path.
Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (netfilter: nf_tables: use timestamp to check for set element timeout). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case.
According to 08e4c8c5919f (netfilter: nf_tables: mark newset as dead on transaction abort), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too. (CVE-2024-26643)
In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. (CVE-2024-26651)
In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel will be deallocated. But it could still be dereferenced in the worker thread. The reason is that del_timer() will return directly regardless of whether the timer handler is running or not and the worker could be rescheduled in the timer handler. As a result, the UAF bug will happen. The racy situation is shown below:
(Thread 1) | (Thread 2) snd_aicapcm_pcm_close() | … | run_spu_dma() //worker | mod_timer() flush_work() | del_timer() | aica_period_elapsed() //timer kfree(dreamcastcard->channel) | schedule_work() | run_spu_dma() //worker … | dreamcastcard->channel-> //USE In order to mitigate this bug and other possible corner cases, call mod_timer() conditionally in run_spu_dma(), then implement PCM sync_stop op to cancel both the timer and worker. The sync_stop op will be called from PCM core appropriately when needed.
(CVE-2024-26654)
In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes such assumption and releases the TD, allowing the remaining TRBs to be freed or overwritten by new TDs. The xHC should also report completion of the final TRB due to its IOC flag being set by us, regardless of prior errors. This event cannot be recognized if the TD has already been freed earlier, resulting in Transfer event TRB DMA ptr not part of current TD error message. Fix this by reusing the logic for processing isoc Transaction Errors. This also handles hosts which fail to report the final completion. Fix transfer length reporting on Babble errors. They may be caused by device malfunction, no guarantee that the buffer has been filled.
(CVE-2024-26659)
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 ‘stream_enc_regs’ array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message ‘stream_enc_regs’ 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn301_stream_encoder_create reported by Smatch:
drivers/gpu/drm/amd/amdgpu/…/display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: buffer overflow ‘stream_enc_regs’ 4 <= 5 (CVE-2024-26660)
In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] … RIP:
0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 … Call Trace: <TASK> tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646 tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089 genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972 genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline] genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367 netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b The cause of this issue is that when tipc_nl_bearer_add() is called with the TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called even if the bearer is not UDP. tipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that the media_ptr field of the tipc_bearer has an udp_bearer type object, so the function goes crazy for non-UDP bearers. This patch fixes the issue by checking the bearer type before calling tipc_udp_nl_bearer_add() in tipc_nl_bearer_add(). (CVE-2024-26663)
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. (CVE-2024-26664)
In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat, BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr ffff88811d402c80 by task netperf/820 CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543 … kasan_report+0xd8/0x110 do_csum+0x220/0x240 csum_partial+0xc/0x20 skb_tunnel_check_pmtu+0xeb9/0x3280 vxlan_xmit_one+0x14c2/0x4080 vxlan_xmit+0xf61/0x5c00 dev_hard_start_xmit+0xfb/0x510 __dev_queue_xmit+0x7cd/0x32a0 br_dev_queue_push_xmit+0x39d/0x6a0 Use skb_checksum instead of csum_partial who cannot deal with non- linear SKBs. (CVE-2024-26665)
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 (drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output) introduced a smatch warning about another conditional block in dpu_encoder_helper_phys_cleanup() which had assumed hw_pp will always be valid which may not necessarily be true. Lets fix the other conditional block by making sure hw_pp is valid before dereferencing it.
Patchwork: https://patchwork.freedesktop.org/patch/574878/ (CVE-2024-26667)
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(), waitqueue_active() may not observe the added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime blk_mq_mark_tag_wait() can’t get driver tag successfully. This issue can be reproduced by running the following test in loop, and fio hang can be observed in < 30min when running it on my test VM in laptop. modprobe -r scsi_debug modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4 dev=ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename
fio --filename=/dev/$dev --direct=1 --rw=randrw --bs=4k --iodepth=1 \ –runtime=100
–numjobs=40 --time_based --name=test \ –ioengine=libaio Fix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which is just fine in case of running out of tag. (CVE-2024-26671)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for this object.
(CVE-2024-26673)
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 (ppp: limit MRU to 64K) Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU) [1]: WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 Modules linked in: CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue: events_unbound flush_to_ldisc pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO
-DIT -SSBS BTYPE=–) pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537 sp : ffff800093967580 x29: ffff800093967660 x28: ffff8000939675a0 x27:
dfff800000000000 x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0 x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8 x20: ffff8000939675e0 x19: 0000000000000010 x18:
ffff800093967120 x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005 x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000 x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 :
0000000000000001 x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020 x2 : 0000000000000008 x1 : 0000000000000000 x0 :
ffff8000939675e0 Call trace: __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline]
__kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926 __do_kmalloc_node mm/slub.c:3969 [inline]
__kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001 kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
__alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651 __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715 netdev_alloc_skb include/linux/skbuff.h:3235 [inline] dev_alloc_skb include/linux/skbuff.h:3248 [inline] ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline] ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341 tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390 tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37 receive_buf drivers/tty/tty_buffer.c:444 [inline] flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494 process_one_work+0x694/0x1204 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 (CVE-2024-26675)
In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() with a repro, which creates a socketpair and sends one socket’s fd to itself using the peer. socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=\360, iov_len=1}], msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[3]}], msg_controllen=24, msg_flags=0}, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_ZEROCOPY) = 1 This forms a self-cyclic reference that GC should finally untangle but does not due to lack of MSG_OOB handling, resulting in memory leak. Recently, commit 11498715f266 (af_unix: Remove io_uring code for GC.) removed io_uring’s dead code in GC and revealed the problem. The code was executed at the final stage of GC and unconditionally moved all GC candidates from gc_candidates to gc_inflight_list. That papered over the reported problem by always making the following WARN_ON_ONCE(!list_empty(&gc_candidates)) false. The problem has been there since commit 2aab4b969002 (af_unix: fix struct pid leaks in OOB support) added full scm support for MSG_OOB while fixing another bug. To fix this problem, we must call kfree_skb() for unix_sk(sk)->oob_skb if the socket still exists in gc_candidates after purging collected skb. Then, we need to set NULL to oob_skb before calling kfree_skb() because it calls last fput() and triggers unix_release_sock(), where we call duplicate kfree_skb(u->oob_skb) if not NULL. Note that the leaked socket remained being linked to a global list, so kmemleak also could not detect it. We need to check /proc/net/protocol to notice the unfreed socket. [0]: WARNING: CPU: 0 PID: 2863 at net/unix/garbage.c:345
__unix_gc+0xc74/0xe80 net/unix/garbage.c:345 Modules linked in: CPU: 0 PID: 2863 Comm: kworker/u4:11 Not tainted 6.8.0-rc1-syzkaller-00583-g1701940b1a02 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: events_unbound __unix_gc RIP: 0010:__unix_gc+0xc74/0xe80 net/unix/garbage.c:345 Code: 8b 5c 24 50 e9 86 f8 ff ff e8 f8 e4 22 f8 31 d2 48 c7 c6 30 6a 69 89 4c 89 ef e8 97 ef ff ff e9 80 f9 ff ff e8 dd e4 22 f8 90 <0f> 0b 90 e9 7b fd ff ff 48 89 df e8 5c e7 7c f8 e9 d3 f8 ff ff e8 RSP: 0018:ffffc9000b03fba0 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffffc9000b03fc10 RCX:
ffffffff816c493e RDX: ffff88802c02d940 RSI: ffffffff896982f3 RDI: ffffc9000b03fb30 RBP: ffffc9000b03fce0 R08: 0000000000000001 R09: fffff52001607f66 R10: 0000000000000003 R11: 0000000000000002 R12:
dffffc0000000000 R13: ffffc9000b03fc10 R14: ffffc9000b03fc10 R15: 0000000000000001 FS:
0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 CR2: 00005559c8677a60 CR3: 000000000d57a000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400 Call Trace: <TASK> process_one_work+0x889/0x15e0 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x8b9/0x12a0 kernel/workqueue.c:2787 kthread+0x2c6/0x3b0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 </TASK> (CVE-2024-26676)
In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning. (CVE-2024-26679)
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: Fix DMA mapping for PTP hwts ring Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring but then generic aq_ring_free() does not take this into account. Create and use a specific function to free HWTS ring to fix this issue. Trace: [ 215.351607] ------------[ cut here ]------------ [ 215.351612] DMA-API:
atlantic 0000:4b:00.0: device driver frees DMA memory with different size [device address=0x00000000fbdd0000] [map size=34816 bytes] [unmap size=32768 bytes] [ 215.351635] WARNING: CPU: 33 PID: 10759 at kernel/dma/debug.c:988 check_unmap+0xa6f/0x2360 … [ 215.581176] Call Trace: [ 215.583632] <TASK> [ 215.585745] ? show_trace_log_lvl+0x1c4/0x2df [ 215.590114] ? show_trace_log_lvl+0x1c4/0x2df [ 215.594497] ? debug_dma_free_coherent+0x196/0x210 [ 215.599305] ? check_unmap+0xa6f/0x2360 [ 215.603147] ?
__warn+0xca/0x1d0 [ 215.606391] ? check_unmap+0xa6f/0x2360 [ 215.610237] ? report_bug+0x1ef/0x370 [ 215.613921] ? handle_bug+0x3c/0x70 [ 215.617423] ? exc_invalid_op+0x14/0x50 [ 215.621269] ? asm_exc_invalid_op+0x16/0x20 [ 215.625480] ? check_unmap+0xa6f/0x2360 [ 215.629331] ? mark_lock.part.0+0xca/0xa40 [ 215.633445] debug_dma_free_coherent+0x196/0x210 [ 215.638079] ?
__pfx_debug_dma_free_coherent+0x10/0x10 [ 215.643242] ? slab_free_freelist_hook+0x11d/0x1d0 [ 215.648060] dma_free_attrs+0x6d/0x130 [ 215.651834] aq_ring_free+0x193/0x290 [atlantic] [ 215.656487] aq_ptp_ring_free+0x67/0x110 [atlantic] … [ 216.127540] —[ end trace 6467e5964dd2640b ]— [ 216.132160] DMA-API: Mapped at: [ 216.132162] debug_dma_alloc_coherent+0x66/0x2f0 [ 216.132165] dma_alloc_attrs+0xf5/0x1b0 [ 216.132168] aq_ring_hwts_rx_alloc+0x150/0x1f0 [atlantic] [ 216.132193] aq_ptp_ring_alloc+0x1bb/0x540 [atlantic] [ 216.132213] aq_nic_init+0x4a1/0x760 [atlantic] (CVE-2024-26680)
In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in nsim_dev_trap_report_work() Many syzbot reports include the following trace [1] If nsim_dev_trap_report_work() can not grab the mutex, it should rearm itself at least one jiffie later. [1] Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 32383 Comm: kworker/0:2 Not tainted 6.8.0-rc2-syzkaller-00031-g861c0981648f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue: events nsim_dev_trap_report_work RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:89 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline] RIP:
0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP:
0010:kasan_check_range+0x101/0x190 mm/kasan/generic.c:189 Code: 07 49 39 d1 75 0a 45 3a 11 b8 01 00 00 00 7c 0b 44 89 c2 e8 21 ed ff ff 83 f0 01 5b 5d 41 5c c3 48 85 d2 74 4f 48 01 ea eb 09 <48> 83 c0 01 48 39 d0 74 41 80 38 00 74 f2 eb b6 41 bc 08 00 00 00 RSP: 0018:ffffc90012dcf998 EFLAGS: 00000046 RAX:
fffffbfff258af1e RBX: fffffbfff258af1f RCX: ffffffff8168eda3 RDX: fffffbfff258af1f RSI: 0000000000000004 RDI: ffffffff92c578f0 RBP: fffffbfff258af1e R08: 0000000000000000 R09: fffffbfff258af1e R10:
ffffffff92c578f3 R11: ffffffff8acbcbc0 R12: 0000000000000002 R13: ffff88806db38400 R14: 1ffff920025b9f42 R15: ffffffff92c578e8 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00994e078 CR3: 000000002c250000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6:
00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <TASK> instrument_atomic_read include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] queued_spin_is_locked include/asm-generic/qspinlock.h:57 [inline] debug_spin_unlock kernel/locking/spinlock_debug.c:101 [inline] do_raw_spin_unlock+0x53/0x230 kernel/locking/spinlock_debug.c:141 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150 [inline] _raw_spin_unlock_irqrestore+0x22/0x70 kernel/locking/spinlock.c:194 debug_object_activate+0x349/0x540 lib/debugobjects.c:726 debug_work_activate kernel/workqueue.c:578 [inline] insert_work+0x30/0x230 kernel/workqueue.c:1650 __queue_work+0x62e/0x11d0 kernel/workqueue.c:1802
__queue_delayed_work+0x1bf/0x270 kernel/workqueue.c:1953 queue_delayed_work_on+0x106/0x130 kernel/workqueue.c:1989 queue_delayed_work include/linux/workqueue.h:563 [inline] schedule_delayed_work include/linux/workqueue.h:677 [inline] nsim_dev_trap_report_work+0x9c0/0xc80 drivers/net/netdevsim/dev.c:842 process_one_work+0x886/0x15d0 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x8b9/0x1290 kernel/workqueue.c:2787 kthread+0x2c6/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 </TASK> (CVE-2024-26681)
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Commit 56e58d6c8a56 (net: stmmac: Implement Safety Features in XGMAC core) checks and reports safety errors, but leaves the Data Path Parity Errors for each channel in DMA unhandled at all, lead to a storm of interrupt. Fix it by checking and clearing the DMA_DPP_Interrupt_Status register. (CVE-2024-26684)
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 (nilfs2: fix issue with race condition of competition between segments for dirty blocks) as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. (CVE-2024-26685)
In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless.
(CVE-2024-26686)
In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can’t due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e)
__startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn’t take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it’s potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 (xen/events: modify internal [un]bind interfaces), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq.
With many nvme devices it’s therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP:
0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX:
0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11:
0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0:
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0x —truncated— (CVE-2024-26687)
In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize is non valid. E.g: Taking the following steps: fd = fsopen(hugetlbfs, FSOPEN_CLOEXEC); fsconfig(fd, FSCONFIG_SET_STRING, pagesize, 1024, 0);
fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested pagesize is invalid, ctxt->hstate will be replaced with NULL, losing its previous value, and we will print an error: … …
case Opt_pagesize: ps = memparse(param->string, &rest); ctx->hstate = h; if (!ctx->hstate) { pr_err(Unsupported page size %lu MB\n, ps / SZ_1M); return -EINVAL; } return 0; … … This is a problem because later on, we will dereference ctxt->hstate in hugetlbfs_fill_super() … …
sb->s_blocksize = huge_page_size(ctx->hstate); … … Causing below Oops. Fix this by replacing cxt->hstate value only when then pagesize is known to be valid. kernel: hugetlbfs: Unsupported page size 0 MB kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 kernel: #PF: supervisor read access in kernel mode kernel: #PF: error_code(0x0000) - not-present page kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0 kernel: Oops: 0000 [#1] PREEMPT SMP PTI kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f kernel:
Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 kernel:
RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX:
0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI:
ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09:
0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13:
ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 kernel: Call Trace: kernel:
<TASK> kernel: ? __die_body+0x1a/0x60 kernel: ? page_fault_oops+0x16f/0x4a0 kernel: ? search_bpf_extables+0x65/0x70 kernel: ? fixup_exception+0x22/0x310 kernel: ? exc_page_fault+0x69/0x150 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: ? hugetlbfs_fill_super+0xb4/0x1a0 kernel: ? hugetlbfs_fill_super+0x28/0x1a0 kernel: ?
__pfx_hugetlbfs_fill_super+0x10/0x10 kernel: vfs_get_super+0x40/0xa0 kernel: ?
__pfx_bpf_lsm_capable+0x10/0x10 kernel: vfs_get_tree+0x25/0xd0 kernel: vfs_cmd_create+0x64/0xe0 kernel:
__x64_sys_fsconfig+0x395/0x410 kernel: do_syscall_64+0x80/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? exc_page_fault+0x69/0x150 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 kernel: RIP:
0033:0x7ffbc0cb87c9 kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48 kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af kernel: RAX:
fffffffffff —truncated— (CVE-2024-26688)
In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), use after free error was caught by KASAN at this line - ‘ceph_buffer_get(arg->xattr_buf);’. This implies before the refcount could be increment here, it was freed. In same file, in handle_cap_grant() refcount is decremented by this line - ‘ceph_buffer_put(ci->i_xattrs.blob);’. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and
__send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent use after free error. (CVE-2024-26689)
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked The SEV platform device can be shutdown with a null psp_master, e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN: [ 137.148210] ccp 0000:23:00.1:
enabling device (0000 -> 0002) [ 137.162647] ccp 0000:23:00.1: no command queues available [ 137.170598] ccp 0000:23:00.1: sev enabled [ 137.174645] ccp 0000:23:00.1: psp enabled [ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI [ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7] [ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311 [ 137.182693] RIP:
0010:__sev_platform_shutdown_locked+0x51/0x180 [ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c [ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216 [ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e [ 137.182693] RDX:
0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0 [ 137.182693] RBP: ffffc900000cf9c8 R08:
0000000000000000 R09: fffffbfff58f5a66 [ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12:
ffff8881e5052c28 [ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8 [ 137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000 [ 137.182693] CS:
0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0 [ 137.182693] Call Trace: [ 137.182693] <TASK> [ 137.182693] ? show_regs+0x6c/0x80 [ 137.182693] ? __die_body+0x24/0x70 [ 137.182693] ? die_addr+0x4b/0x80 [ 137.182693] ? exc_general_protection+0x126/0x230 [ 137.182693] ? asm_exc_general_protection+0x2b/0x30 [ 137.182693] ?
__sev_platform_shutdown_locked+0x51/0x180 [ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80 [ 137.182693] sev_dev_destroy+0x49/0x100 [ 137.182693] psp_dev_destroy+0x47/0xb0 [ 137.182693] sp_destroy+0xbb/0x240 [ 137.182693] sp_pci_remove+0x45/0x60 [ 137.182693] pci_device_remove+0xaa/0x1d0 [ 137.182693] device_remove+0xc7/0x170 [ 137.182693] really_probe+0x374/0xbe0 [ 137.182693] ? srso_return_thunk+0x5/0x5f [ 137.182693] __driver_probe_device+0x199/0x460 [ 137.182693] driver_probe_device+0x4e/0xd0 [ 137.182693] __driver_attach+0x191/0x3d0 [ 137.182693] ?
__pfx___driver_attach+0x10/0x10 [ 137.182693] bus_for_each_dev+0x100/0x190 [ 137.182693] ?
__pfx_bus_for_each_dev+0x10/0x10 [ 137.182693] ? __kasan_check_read+0x15/0x20 [ 137.182693] ? srso_return_thunk+0x5/0x5f [ 137.182693] ? _raw_spin_unlock+0x27/0x50 [ 137.182693] driver_attach+0x41/0x60 [ 137.182693] bus_add_driver+0x2a8/0x580 [ 137.182693] driver_register+0x141/0x480 [ 137.182693] __pci_register_driver+0x1d6/0x2a0 [ 137.182693] ? srso_return_thunk+0x5/0x5f [ 137.182693] ? esrt_sysfs_init+0x1cd/0x5d0 [ 137.182693] ? __pfx_sp_mod_init+0x10/0x10 [ 137.182693] sp_pci_init+0x22/0x30 [ 137.182693] sp_mod_init+0x14/0x30 [ 137.182693] ? __pfx_sp_mod_init+0x10/0x10 [ 137.182693] do_one_initcall+0xd1/0x470 [ 137.182693] ? __pfx_do_one_initcall+0x10/0x10 [ 137.182693] ? parameq+0x80/0xf0 [ 137.182693] ? srso_return_thunk+0x5/0x5f [ 137.182693] ? __kmalloc+0x3b0/0x4e0 [ 137.182693] ? kernel_init_freeable+0x92d/0x1050 [ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190 [ 137.182693] ? srso_return_thunk+0x5/0x5f [ 137.182693] kernel_init_freeable+0xa64/0x1050 [ 137.182693] ?
__pfx_kernel_init+0x10/0x10 [ 137.182693] kernel_init+0x24/0x160 [ 137.182693] ? __switch_to_asm+0x3e/0x70 [ 137.182693] ret_from_fork+0x40/0x80 [ 137.182693] ? __pfx_kernel_init+0x1 —truncated— (CVE-2024-26695)
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Syzbot reported a hang issue in migrate_pages_batch() called by mbind() and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2. While migrate_pages_batch() locks a folio and waits for the writeback to complete, the log writer thread that should bring the writeback to completion picks up the folio being written back in nilfs_lookup_dirty_data_buffers() that it calls for subsequent log creation and was trying to lock the folio. Thus causing a deadlock. In the first place, it is unexpected that folios/pages in the middle of writeback will be updated and become dirty.
Nilfs2 adds a checksum to verify the validity of the log being written and uses it for recovery at mount, so data changes during writeback are suppressed. Since this is broken, an unclean shutdown could potentially cause recovery to fail. Investigation revealed that the root cause is that the wait for writeback completion in nilfs_page_mkwrite() is conditional, and if the backing device does not require stable writes, data may be modified without waiting. Fix these issues by making nilfs_page_mkwrite() wait for writeback to finish regardless of the stable write requirement of the backing device. (CVE-2024-26696)
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount after an unclean shutdown, incorrectly calculates the on-page offset when copying repair data to the file’s page cache. In environments where the block size is smaller than the page size, this flaw can cause data corruption and leak uninitialized memory bytes during the recovery process. Fix these issues by correcting this byte offset calculation on the page. (CVE-2024-26697)
In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 (hv_netvsc: Disable NAPI before closing the VMBus channel), napi_disable was getting called for all channels, including all subchannels without confirming if they are enabled or not. This caused hv_netvsc getting hung at napi_disable, when netvsc_probe() has finished running but nvdev->subchan_work has not started yet. netvsc_subchan_work() -> rndis_set_subchannel() has not created the sub-channels and because of that netvsc_sc_open() is not running. netvsc_remove() calls cancel_work_sync(&nvdev->subchan_work), for which netvsc_subchan_work did not run. netif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI cannot be scheduled. Then netvsc_sc_open() -> napi_enable will clear the NAPIF_STATE_SCHED bit, so it can be scheduled.
napi_disable() does the opposite. Now during netvsc_device_remove(), when napi_disable is called for those subchannels, napi_disable gets stuck on infinite msleep. This fix addresses this problem by ensuring that napi_disable() is not getting called for non-enabled NAPI struct. But netif_napi_del() is still necessary for these non-enabled NAPI struct for cleanup purpose. Call trace: [ 654.559417] task:modprobe state:D stack: 0 pid: 2321 ppid: 1091 flags:0x00004002 [ 654.568030] Call Trace: [ 654.571221] <TASK> [ 654.573790] __schedule+0x2d6/0x960 [ 654.577733] schedule+0x69/0xf0 [ 654.581214] schedule_timeout+0x87/0x140 [ 654.585463] ? __bpf_trace_tick_stop+0x20/0x20 [ 654.590291] msleep+0x2d/0x40 [ 654.593625] napi_disable+0x2b/0x80 [ 654.597437] netvsc_device_remove+0x8a/0x1f0 [hv_netvsc] [ 654.603935] rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc] [ 654.611101] ? do_wait_intr+0xb0/0xb0 [ 654.615753] netvsc_remove+0x7c/0x120 [hv_netvsc] [ 654.621675] vmbus_remove+0x27/0x40 [hv_vmbus] (CVE-2024-26698)
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX:
0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10:
ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? plist_add+0xbe/0x100 ? exc_page_fault+0x7c/0x180 ? asm_exc_page_fault+0x26/0x30 ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] drm_atomic_check_only+0x5c5/0xa40 drm_mode_atomic_ioctl+0x76e/0xbc0 ? _copy_to_user+0x25/0x30 ? drm_ioctl+0x296/0x4b0 ?
__pfx_drm_mode_atomic_ioctl+0x10/0x10 drm_ioctl_kernel+0xcd/0x170 drm_ioctl+0x26d/0x4b0 ?
__pfx_drm_mode_atomic_ioctl+0x10/0x10 amdgpu_drm_ioctl+0x4e/0x90 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] __x64_sys_ioctl+0x94/0xd0 do_syscall_64+0x60/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4dad17f76f Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c> RSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX:
ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f RDX: 00007ffd9ae85a90 RSI: 00000000c03864bc RDI: 000000000000000b RBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003 R10:
0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc R13: 000000000000000b R14: 000055e255a7fc60 R15: 000055e255a01eb0 </TASK> Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep > typec libphy k10temp ipmi_msghandler roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas> CR2:
0000000000000008 —[ end trace 0000000000000000 ]— RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX:
0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10:
ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000 —truncated— (CVE-2024-26700)
In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to prevent out of bound access. (CVE-2024-26702)
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len is not zero. When the loop fails to exit after successfully moving some extents, moved_len is not updated and remains at 0, so it does not discard the preallocations. If the moved extents overlap with the preallocated extents, the overlapped extents are freed twice in ext4_mb_release_inode_pa() and ext4_process_freed_data() (as described in commit 94d7c16cbbbd (ext4: Fix double-free of blocks with EXT4_IOC_MOVE_EXT)), and bb_free is incremented twice. Hence when trim is executed, a zero-division bug is triggered in mb_update_avg_fragment_size() because bb_free is not zero and bb_fragments is zero. Therefore, update move_len after each extent move to avoid the issue. (CVE-2024-26704)
In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash whatever this register is used for. Looking at the assembly I found that this happens sometimes in emulate_ldd(). To solve the issue, the easiest solution would be if it somehow is possible to tell the fault handler which register is used to hold the error code. Using %0 or %1 in the inline assembly is not posssible as it will show up as e.g. %r29 (with the %r prefix), which the GNU assembler can not convert to an integer. This patch takes another, better and more flexible approach: We extend the __ex_table (which is out of the execution path) by one 32-word. In this word we tell the compiler to insert the assembler instruction or %r0,%r0,%reg, where %reg references the register which the compiler choosed for the error return code. In case of an access failure, the fault handler finds the __ex_table entry and can examine the opcode. The used register is encoded in the lowest 5 bits, and the fault handler can then store -EFAULT into this register. Since we extend the __ex_table to 3 words we can’t use the BUILDTIME_TABLE_SORT config option any longer. (CVE-2024-26706)
In the Linux kernel, the following vulnerability has been resolved: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Syzkaller reported [1] hitting a warning after failing to allocate resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will not help much in this case, it might be prudent to switch to netdev_warn_once(). At the very least it will suppress syzkaller reports such as [1]. Just in case, use netdev_warn_once() in send_prp_supervision_frame() for similar reasons. [1] HSR: Could not send supervision frame WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294 RIP:
0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294 … Call Trace: <IRQ> hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382 call_timer_fn+0x193/0x590 kernel/time/timer.c:1700 expire_timers kernel/time/timer.c:1751 [inline] __run_timers+0x764/0xb20 kernel/time/timer.c:2022 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035 __do_softirq+0x21a/0x8de kernel/softirq.c:553 invoke_softirq kernel/softirq.c:427 [inline] __irq_exit_rcu kernel/softirq.c:632 [inline] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649 … This issue is also found in older kernels (at least up to 5.10).
(CVE-2024-26707)
In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported to lead to stack overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN builds in commit 3e8635fb2e07 (powerpc/kasan: Force thread size increase with KASAN). However with a 32KB stack size to begin with, the doubling leads to a 64KB stack, which causes build errors:
arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff) Although the asm could be reworked, in practice a 32KB stack seems sufficient even for KASAN builds - the additional usage seems to be in the 2-3KB range for a 64-bit KASAN build. So only increase the stack for KASAN if the stack size is < 32KB. (CVE-2024-26710)
In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then va = block + k_cur - k_start
is less than block, the addr va is invalid, because the memory address space from va to block is not alloced by memblock_alloc, which will not be reserved by memblock_reserve later, it will be used by other places. As a result, memory overwriting occurs. for example: int __init __weak kasan_init_region(void start, size_t size) { […] / if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */ block = memblock_alloc(k_end
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive The CO0 BCM needs to be up at all times, otherwise some hardware (like the UFS controller) loses its connection to the rest of the SoC, resulting in a hang of the platform, accompanied by a spectacular logspam. Mark it as keepalive to prevent such cases. (CVE-2024-26714)
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadget_driver in dwc3_gadget_suspend, a NULL pointer dereference may occur. Call Stack: CPU1: CPU2: gadget_unbind_driver dwc3_suspend_common dwc3_gadget_stop dwc3_gadget_suspend dwc3_disconnect_gadget CPU1 basically clears the variable and CPU2 checks the variable. Consider CPU1 is running and right before gadget_driver is cleared and in parallel CPU2 executes dwc3_gadget_suspend where it finds dwc->gadget_driver which is not NULL and resumes execution and then CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where it checks dwc->gadget_driver is already NULL because of which the NULL pointer deference occur. (CVE-2024-26715)
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid-of: fix NULL-deref on failed power up A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures. (CVE-2024-26717)
In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets Tasklets have an inherent problem with memory corruption. The function tasklet_action_common calls tasklet_trylock, then it calls the tasklet callback and then it calls tasklet_unlock. If the tasklet callback frees the structure that contains the tasklet or if it calls some code that may free it, tasklet_unlock will write into free memory. The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but it is not a sufficient fix and the data corruption can still happen [1]. There is no fix for dm-verity and dm-verity will write into free memory with every tasklet-processed bio. There will be atomic workqueues implemented in the kernel 6.9 [2]. They will have better interface and they will not suffer from the memory corruption problem. But we need something that stops the memory corruption now and that can be backported to the stable kernels. So, I’m proposing this commit that disables tasklets in both dm- crypt and dm-verity. This commit doesn’t remove the tasklet support, because the tasklet code will be reused when atomic workqueues will be implemented. [1] https://lore.kernel.org/all/[email protected]/T/ [2] https://lore.kernel.org/lkml/[email protected]/ (CVE-2024-26718)
In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by- zero in wb_dirty_limits(), again (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the is this a safe division check is the same as the divisor. Also, remove redundant cast of the numerator to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32) (CVE-2024-26720)
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex is left locked forever. That may lead to deadlock when rt5645_jack_detect_work() is called for the second time.
Found by Linux Verification Center (linuxtesting.org) with SVACE. (CVE-2024-26722)
In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix crash when adding interface under a lag There is a crash when adding one of the lan966x interfaces under a lag interface.
The issue can be reproduced like this: ip link add name bond0 type bond miimon 100 mode balance-xor ip link set dev eth0 master bond0 The reason is because when adding a interface under the lag it would go through all the ports and try to figure out which other ports are under that lag interface. And the issue is that lan966x can have ports that are NULL pointer as they are not probed. So then iterating over these ports it would just crash as they are NULL pointers. The fix consists in actually checking for NULL pointers before accessing something from the ports. Like we do in other places. (CVE-2024-26723)
In the Linux kernel, the following vulnerability has been resolved: btrfs: don’t drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1385! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1 RIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0 Call Trace: <TASK> extent_write_cache_pages+0x2ac/0x8f0 extent_writepages+0x87/0x110 do_writepages+0xd5/0x1f0 filemap_fdatawrite_wbc+0x63/0x90 __filemap_fdatawrite_range+0x5c/0x80 btrfs_fdatawrite_range+0x1f/0x50 btrfs_write_out_cache+0x507/0x560 btrfs_write_dirty_block_groups+0x32a/0x420 commit_cowonly_roots+0x21b/0x290 btrfs_commit_transaction+0x813/0x1360 btrfs_sync_file+0x51a/0x640
__x64_sys_fdatasync+0x52/0x90 do_syscall_64+0x9c/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 This happens because we fail to write out the free space cache in one instance, come back around and attempt to write it again. However on the second pass through we go to call btrfs_get_extent() on the inode to get the extent mapping. Because this is a new block group, and with the free space inode we always search the commit root to avoid deadlocking with the tree, we find nothing and return a EXTENT_MAP_HOLE for the requested range. This happens because the first time we try to write the space cache out we hit an error, and on an error we drop the extent mapping. This is normal for normal files, but the free space cache inode is special. We always expect the extent map to be correct. Thus the second time through we end up with a bogus extent map. Since we’re deprecating this feature, the most straightforward way to fix this is to simply skip dropping the extent map range for this failed range. I shortened the test by using error injection to stress the area to make it easier to reproduce. With this patch in place we no longer panic with my error injection test. (CVE-2024-26726)
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly created subvolume already got read [BUG] There is a syzbot crash, triggered by the ASSERT() during subvolume creation: assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c:1319! invalid opcode: 0000 [#1] PREEMPT SMP KASAN RIP:
0010:btrfs_get_root_ref.part.0+0x9aa/0xa60 <TASK> btrfs_get_new_fs_root+0xd3/0xf0 create_subvol+0xd02/0x1650 btrfs_mksubvol+0xe95/0x12b0 __btrfs_ioctl_snap_create+0x2f9/0x4f0 btrfs_ioctl_snap_create+0x16b/0x200 btrfs_ioctl+0x35f0/0x5cf0 __x64_sys_ioctl+0x19d/0x210 do_syscall_64+0x3f/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b —[ end trace 0000000000000000 ]— [CAUSE] During create_subvol(), after inserting root item for the newly created subvolume, we would trigger btrfs_get_new_fs_root() to get the btrfs_root of that subvolume. The idea here is, we have preallocated an anonymous device number for the subvolume, thus we can assign it to the new subvolume. But there is really nothing preventing things like backref walk to read the new subvolume. If that happens before we call btrfs_get_new_fs_root(), the subvolume would be read out, with a new anonymous device number assigned already. In that case, we would trigger ASSERT(), as we really expect no one to read out that subvolume (which is not yet accessible from the fs). But things like backref walk is still possible to trigger the read on the subvolume. Thus our assumption on the ASSERT() is not correct in the first place. [FIX] Fix it by removing the ASSERT(), and just free the @anon_dev, reset it to 0, and continue. If the subvolume tree is read out by something else, it should have already get a new anon_dev assigned thus we only need to free the preallocated one. (CVE-2024-26727)
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() syzbot reported the following NULL pointer dereference issue [1]: BUG: kernel NULL pointer dereference, address: 0000000000000000 […] RIP: 0010:0x0 […] Call Trace:
<TASK> sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230 unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 If sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called concurrently, psock->saved_data_ready can be NULL, causing the above issue. This patch fixes this issue by calling the appropriate data ready function using the sk_psock_data_ready() helper and protecting it from concurrency with sk->sk_callback_lock. (CVE-2024-26731)
In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it’s not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let’s limit the max length of memcpy(). Note that commit b5f0de6df6dc (net: dev: Convert sa_data to flexible array in struct sockaddr) just silenced syzkaller.
[0]: memcpy: detected field-spanning write (size 16) of single field r->arp_ha.sa_data at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP:
0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX:
ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11:
203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0:
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX:
0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13:
000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK> (CVE-2024-26733)
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family. (CVE-2024-26735)
In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. [DH:
Actually, it’s 20 + NUL, so increase it to 24 and use snprintf()] (CVE-2024-26736)
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel The following race is possible between bpf_timer_cancel_and_free and bpf_timer_cancel. It will lead a UAF on the timer->timer.
bpf_timer_cancel(); spin_lock(); t = timer->time; spin_unlock(); bpf_timer_cancel_and_free(); spin_lock();
t = timer->timer; timer->timer = NULL; spin_unlock(); hrtimer_cancel(&t->timer); kfree(t); /* UAF on t */ hrtimer_cancel(&t->timer); In bpf_timer_cancel_and_free, this patch frees the timer->timer after a rcu grace period. This requires a rcu_head addition to the struct bpf_hrtimer. Another kfree(t) happens in bpf_timer_init, this does not need a kfree_rcu because it is still under the spin_lock and timer->timer has not been visible by others yet. In bpf_timer_cancel, rcu_read_lock() is added because this helper can be used in a non rcu critical section context (e.g. from a sleepable bpf prog). Other timer->timer usages in helpers.c have been audited, bpf_timer_cancel() is the only place where timer->timer is used outside of the spin_lock. Another solution considered is to mark a t->flag in bpf_timer_cancel and clear it after hrtimer_cancel() is done. In bpf_timer_cancel_and_free, it busy waits for the flag to be cleared before kfree(t). This patch goes with a straight forward solution and frees timer->timer after a rcu grace period. (CVE-2024-26737)
In the Linux kernel, the following vulnerability has been resolved: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). syzkaller reported a warning [0] in inet_csk_destroy_sock() with no repro. WARN_ON(inet_sk(sk)->inet_num && !inet_csk(sk)->icsk_bind_hash); However, the syzkaller’s log hinted that connect() failed just before the warning due to FAULT_INJECTION. [1] When connect() is called for an unbound socket, we search for an available ephemeral port. If a bhash bucket exists for the port, we call __inet_check_established() or __inet6_check_established() to check if the bucket is reusable. If reusable, we add the socket into ehash and set inet_sk(sk)->inet_num. Later, we look up the corresponding bhash2 bucket and try to allocate it if it does not exist. Although it rarely occurs in real use, if the allocation fails, we must revert the changes by check_established(). Otherwise, an unconnected socket could illegally occupy an ehash entry. Note that we do not put tw back into ehash because sk might have already responded to a packet for tw and it would be better to free tw earlier under such memory presure.
[0]: WARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193) Modules linked in: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193) Code: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8 f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd <0f> 0b e9 61 fe ff ff e8 02 4a 3d fd 4c 89 e7 be 03 00 00 00 e8 05 RSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293 RAX: 0000000000000000 RBX:
0000000000009e78 RCX: ffffffff840bae40 RDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8 RBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000 R10: 0000000000009e78 R11:
0000000000000000 R12: ffff88811755c8e0 R13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000 FS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193) dccp_close (net/dccp/proto.c:1078) inet_release (net/ipv4/af_inet.c:434) __sock_release (net/socket.c:660) sock_close (net/socket.c:1423) __fput (fs/file_table.c:377) __fput_sync (fs/file_table.c:462) __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539) do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) RIP:
0033:0x7f03e53852bb Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff 8b 44 RSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX:
0000000000000004 RCX: 00007f03e53852bb RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c R10: 0000000008a79680 R11:
0000000000000293 R12: 00007f03e4e43000 R13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170 </TASK> [1]: FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1)) should_fail_ex (lib/fault- inject.c:52 lib/fault-inject.c:153) should_failslab (mm/slub.c:3748) kmem_cache_alloc (mm/slub.c:3763 mm/slub.c:3842 mm/slub.c:3867) inet_bind2_bucket_create —truncated— (CVE-2024-26741)
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix disable_managed_interrupts Correct blk-mq registration issue with module parameter disable_managed_interrupts enabled. When we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to register with blk-mq using blk_mq_map_queues(). The driver is currently calling blk_mq_pci_map_queues() which results in a stack trace and possibly undefined behavior. Stack Trace: [ 7.860089] scsi host2:
smartpqi [ 7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0 [ 7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse [ 7.924755] CPU: 0 PID: 238 Comm:
kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1 [ 7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022 [ 7.963026] Workqueue: events work_for_cpu_fn [ 7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0 [ 7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 <0f> 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54 [ 7.978280] RSP:
0018:ffffa95fc3707d50 EFLAGS: 00010216 [ 7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX:
0000000000000010 [ 7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310 [ 7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00 [ 7.978287] R10: 0000000000000001 R11:
ffffa95fc3707ac0 R12: 0000000000000000 [ 7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15:
ffff9190c4c950a8 [ 7.978290] FS: 0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000 [ 7.978292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.172814] CR2: 000055d11166c000 CR3:
00000002dae10002 CR4: 00000000007706f0 [ 8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000 [ 8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 8.172818] PKRU: 55555554 [ 8.172819] Call Trace: [ 8.172823] blk_mq_alloc_tag_set+0x12e/0x310 [ 8.264339] scsi_add_host_with_dma.cold.9+0x30/0x245 [ 8.279302] pqi_ctrl_init+0xacf/0xc8e [smartpqi] [ 8.294085] ? pqi_pci_probe+0x480/0x4c8 [smartpqi] [ 8.309015] pqi_pci_probe+0x480/0x4c8 [smartpqi] [ 8.323286] local_pci_probe+0x42/0x80 [ 8.337855] work_for_cpu_fn+0x16/0x20 [ 8.351193] process_one_work+0x1a7/0x360 [ 8.364462] ? create_worker+0x1a0/0x1a0 [ 8.379252] worker_thread+0x1ce/0x390 [ 8.392623] ? create_worker+0x1a0/0x1a0 [ 8.406295] kthread+0x10a/0x120 [ 8.418428] ? set_kthread_struct+0x50/0x50 [ 8.431532] ret_from_fork+0x1f/0x40 [ 8.444137] —[ end trace 1bf0173d39354506 ]— (CVE-2024-26742)
In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case that qedr_init_user_queue() fail. -----------[ cut here ]----------- WARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] Modules linked in:
tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3 ghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt] CPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1 Hardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022 RIP:
0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] Code: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff RSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286 RAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016 RDX: 00000000802a0017 RSI: 0000000000000001 RDI:
ffff8f0880042600 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80 R13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15:
0000000000000000 FS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000 CS: 0010 DS:
0000 ES: 0000 CR0: 0000000080050033 CR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? ib_uverbs_close+0x1f/0xb0 [ib_uverbs] ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] ? __warn+0x81/0x110 ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] ? report_bug+0x10a/0x140 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] ib_uverbs_close+0x1f/0xb0 [ib_uverbs] __fput+0x94/0x250 task_work_run+0x5c/0x90 do_exit+0x270/0x4a0 do_group_exit+0x2d/0x90 get_signal+0x87c/0x8c0 arch_do_signal_or_restart+0x25/0x100 ? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs] exit_to_user_mode_loop+0x9c/0x130 exit_to_user_mode_prepare+0xb6/0x100 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x69/0x90 ? syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x69/0x90 ? syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x69/0x90 ? do_syscall_64+0x69/0x90 ? common_interrupt+0x43/0xa0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP:
0033:0x1470abe3ec6b Code: Unable to access opcode bytes at RIP 0x1470abe3ec41. RSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX:
00001470abe3ec6b RDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004 RBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00 R10: 00007fff13ce95c0 R11: 0000000000000246 R12:
00007fff13ce9358 R13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470 </TASK> --[ end trace 888a9b92e04c5c97 ]-- (CVE-2024-26743)
In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module triggers the following kernel crash:
BUG: kernel NULL pointer dereference, address: 0000000000000000 Call Trace: <TASK> parse_one+0x18c/0x1d0 parse_args+0xe1/0x230 load_module+0x8de/0xa60 init_module_from_file+0x8b/0xd0 idempotent_init_module+0x181/0x240 __x64_sys_finit_module+0x5a/0xb0 do_syscall_64+0x5f/0xe0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 (CVE-2024-26744)
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV When kdump kernel tries to copy dump data over SR-IOV, LPAR panics due to NULL pointer exception: Kernel attempted to read user page (0) - exploit attempt? (uid: 0) BUG:
Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc000000020847ad4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries Modules linked in: mlx5_core(+) vmx_crypto pseries_wdt papr_scm libnvdimm mlxfw tls psample sunrpc fuse overlay squashfs loop CPU: 12 PID: 315 Comm: systemd-udevd Not tainted 6.4.0-Test102+ #12 Hardware name:
IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries NIP:
c000000020847ad4 LR: c00000002083b2dc CTR: 00000000006cd18c REGS: c000000029162ca0 TRAP: 0300 Not tainted (6.4.0-Test102+) MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 48288244 XER: 00000008 CFAR:
c00000002083b2d8 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 1 … NIP _find_next_zero_bit+0x24/0x110 LR bitmap_find_next_zero_area_off+0x5c/0xe0 Call Trace: dev_printk_emit+0x38/0x48 (unreliable) iommu_area_alloc+0xc4/0x180 iommu_range_alloc+0x1e8/0x580 iommu_alloc+0x60/0x130 iommu_alloc_coherent+0x158/0x2b0 dma_iommu_alloc_coherent+0x3c/0x50 dma_alloc_attrs+0x170/0x1f0 mlx5_cmd_init+0xc0/0x760 [mlx5_core] mlx5_function_setup+0xf0/0x510 [mlx5_core] mlx5_init_one+0x84/0x210 [mlx5_core] probe_one+0x118/0x2c0 [mlx5_core] local_pci_probe+0x68/0x110 pci_call_probe+0x68/0x200 pci_device_probe+0xbc/0x1a0 really_probe+0x104/0x540 __driver_probe_device+0xb4/0x230 driver_probe_device+0x54/0x130 __driver_attach+0x158/0x2b0 bus_for_each_dev+0xa8/0x130 driver_attach+0x34/0x50 bus_add_driver+0x16c/0x300 driver_register+0xa4/0x1b0
__pci_register_driver+0x68/0x80 mlx5_init+0xb8/0x100 [mlx5_core] do_one_initcall+0x60/0x300 do_init_module+0x7c/0x2b0 At the time of LPAR dump, before kexec hands over control to kdump kernel, DDWs (Dynamic DMA Windows) are scanned and added to the FDT. For the SR-IOV case, default DMA window ibm,dma- window is removed from the FDT and DDW added, for the device. Now, kexec hands over control to the kdump kernel. When the kdump kernel initializes, PCI busses are scanned and IOMMU group/tables created, in pci_dma_bus_setup_pSeriesLP(). For the SR-IOV case, there is no ibm,dma-window. The original commit:
b1fc44eaa9ba, fixes the path where memory is pre-mapped (direct mapped) to the DDW. When TCEs are direct mapped, there is no need to initialize IOMMU tables. iommu_table_setparms_lpar() only considers ibm,dma- window property when initiallizing IOMMU table. In the scenario where TCEs are dynamically allocated for SR-IOV, newly created IOMMU table is not initialized. Later, when the device driver tries to enter TCEs for the SR-IOV device, NULL pointer execption is thrown from iommu_area_alloc(). The fix is to initialize the IOMMU table with DDW property stored in the FDT. There are 2 points to remember: 1. For the dedicated adapter, kdump kernel would encounter both default and DDW in FDT. In this case, DDW property is used to initialize the IOMMU table. 2. A DDW could be direct or dynamic mapped. kdump kernel would initialize IOMMU table and mark the existing DDW as dynamic. This works fine since, at the time of table initialization, iommu_table_clear() makes some space in the DDW, for some predefined number of TCEs which are needed for kdump to succeed. (CVE-2024-26745)
In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module’s reference In current design, usb role class driver will get usb_role_switch parent’s module reference after the user get usb_role_switch device and put the reference after the user put the usb_role_switch device. However, the parent device of usb_role_switch may be removed before the user put the usb_role_switch. If so, then, NULL pointer issue will be met when the user put the parent module’s reference. This will save the module pointer in structure of usb_role_switch. Then, we don’t need to find module by iterating long relations. (CVE-2024-26747)
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if (request->complete) { 830 spin_unlock(&priv_dev->lock); 831 usb_gadget_giveback_request(&priv_ep->endpoint, 832 request); 833 spin_lock(&priv_dev->lock); 834 } 835 836 if (request->buf == priv_dev->zlp_buf) 837 cdns3_gadget_ep_free_request(&priv_ep->endpoint, request);
Driver append an additional zero packet request when queue a packet, which length mod max packet size is 0. When transfer complete, run to line 831, usb_gadget_giveback_request() will free this requestion. 836 condition is true, so cdns3_gadget_ep_free_request() free this request again. Log: [ 1920.140696][ T150] BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3] [ 1920.140696][ T150] [ 1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36): [ 1920.159082][ T150] cdns3_gadget_giveback+0x134/0x2c0 [cdns3] [ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8 [cdns3] Add check at line 829, skip call usb_gadget_giveback_request() if it is additional zero length packet request. Needn’t call usb_gadget_giveback_request() because it is allocated in this driver.
(CVE-2024-26748)
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() … cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); … ‘priv_req’ actually free at cdns3_gadget_ep_free_request(). But list_del_init() use priv_req->list after it. [ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4 [ 1542.642868][ T534] [ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3): [ 1542.660311][ T534]
__list_del_entry_valid+0x10/0xd4 [ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3] [ 1542.671571][ T534] usb_ep_disable+0x44/0xe4 [ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8 [ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368 [ 1542.685478][ T534] ffs_func_disable+0x18/0x28 Move list_del_init() before cdns3_gadget_ep_free_request() to resolve this problem. (CVE-2024-26749)
In the Linux kernel, the following vulnerability has been resolved: af_unix: Drop oob_skb ref before purging queue in GC. syzbot reported another task hung in __unix_gc(). [0] The current while loop assumes that all of the left candidates have oob_skb and calling kfree_skb(oob_skb) releases the remaining candidates. However, I missed a case that oob_skb has self-referencing fd and another fd and the latter sk is placed before the former in the candidate list. Then, the while loop never proceeds, resulting the task hung. __unix_gc() has the same loop just before purging the collected skb, so we can call kfree_skb(oob_skb) there and let __skb_queue_purge() release all inflight sockets. [0]: Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: events_unbound __unix_gc RIP:
0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200 Code: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 52 70 7e 65 8b 15 91 52 70 RSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287 RAX:
ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80 RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 RBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84 R10:
dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84ee R13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6:
00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <TASK> __unix_gc+0xe69/0xf40 net/unix/garbage.c:343 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x913/0x1420 kernel/workqueue.c:2706 worker_thread+0xa5f/0x1000 kernel/workqueue.c:2787 kthread+0x2ef/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 </TASK> (CVE-2024-26750)
In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to gpiod_lookup_table Without the terminator, if a con_id is passed to gpio_find() that does not exist in the lookup table the function will not stop looping correctly, and eventually cause an oops. (CVE-2024-26751)
In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; …due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent. (CVE-2024-26752)
In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack overflow on memcpy sizeof(struct virtio_crypto_akcipher_session_para) is less than sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from stack variable leads stack overflow. Clang reports this issue by commands: make -j CC=clang-14 mrproper >/dev/null 2>&1 make -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1 make -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/ virtio_crypto_akcipher_algs.o (CVE-2024-26753)
In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr- deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller hit ‘general protection fault in gtp_genl_dump_pdp’ bug: general protection fault, probably for non-canonical address 0xdffffc0000000002:
0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp] Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86 df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74 RSP: 0018:ffff888014107220 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09:
0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000 FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1be4e766cf CR3:
000000000c33e000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? show_regs+0x90/0xa0 ? die_addr+0x50/0xd0 ? exc_general_protection+0x148/0x220 ? asm_exc_general_protection+0x22/0x30 ? gtp_genl_dump_pdp+0x1be/0x800 [gtp] ? __alloc_skb+0x1dd/0x350 ? __pfx___alloc_skb+0x10/0x10 genl_dumpit+0x11d/0x230 netlink_dump+0x5b9/0xce0 ? lockdep_hardirqs_on_prepare+0x253/0x430 ?
__pfx_netlink_dump+0x10/0x10 ? kasan_save_track+0x10/0x40 ? __kasan_kmalloc+0x9b/0xa0 ? genl_start+0x675/0x970 __netlink_dump_start+0x6fc/0x9f0 genl_family_rcv_msg_dumpit+0x1bb/0x2d0 ?
__pfx_genl_family_rcv_msg_dumpit+0x10/0x10 ? genl_op_from_small+0x2a/0x440 ? cap_capable+0x1d0/0x240 ?
__pfx_genl_start+0x10/0x10 ? __pfx_genl_dumpit+0x10/0x10 ? __pfx_genl_done+0x10/0x10 ? security_capable+0x9d/0xe0 (CVE-2024-26754)
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page() do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B> swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt> <finished swapin first> … set_pte_at() swap_free() <- entry is free <write to page B, now page A stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! And besides, for ZRAM, swap_free() allows the swap device to discard the entry content, so even if page (B) is not modified, if swap_read_folio() on CPU0 happens later than swap_free() on CPU1, it may also cause data loss. To fix this, reuse swapcache_prepare which will pin the swap entry using the cache flag, and allow only one thread to swap it in, also prevent any parallel code from putting the entry in the cache. Release the pin after PT unlocked. Racers just loop and wait since it’s a rare and very short event. A schedule_timeout_uninterruptible(1) call is added to avoid repeated page faults wasting too much CPU, causing livelock or adding too much noise to perf statistics. A similar livelock issue was described in commit 029c4628b2eb (mm: swap: get rid of livelock in swapin readahead) Reproducer: This race issue can be triggered easily using a well constructed reproducer and patched brd (with a delay in read path) [1]:
With latest 6.8 mainline, race caused data loss can be observed easily: $ gcc -g -lpthread test-thread- swap-race.c && ./a.out Polulating 32MB of memory region… Keep swapping out… Starting round 0…
Spawning 65536 workers… 32746 workers spawned, wait for done… Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! Round 0 Failed, 15 data loss! This reproducer spawns multiple threads sharing the same memory region using a small swap device. Every two threads updates mapped pages one by one in opposite direction trying to create a race, with one dedicated thread keep swapping out the data out using madvise. The reproducer created a reproduce rate of about once every 5 minutes, so the race should be totally possible in production. After this patch, I ran the reproducer for over a few hundred rounds and no data loss observed. Performance overhead is minimal, microbenchmark swapin 10G from 32G zram: Before: 10934698 us After: 11157121 us Cached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag) [[email protected]: v4] Link:
https://lkml.kernel.org/r/[email protected] (CVE-2024-26759)
In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d (block: turn bio_kmalloc into a simple kmalloc wrapper), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). That is not done properly for the error case, hitting WARN and NULL pointer dereference in bio_free(). (CVE-2024-26760)
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed with are system physical addresses (SPA). During HDM decoder setup, the DVSEC CXL range registers (cxl-3.1, 8.1.3.8) are checked if the memory is enabled and the CXL range is in a HPA window that is described in a CFMWS structure of the CXL host bridge (cxl-3.1, 9.18.1.3). Now, if the HPA is not an SPA, the CXL range does not match a CFMWS window and the CXL memory range will be disabled then. The HDM decoder stops working which causes system memory being disabled and further a system hang during HDM decoder initialization, typically when a CXL enabled kernel boots. Prevent a system hang and do not disable the HDM decoder if the decoder’s CXL range is not found in a CFMWS window. Note the change only fixes a hardware hang, but does not implement HPA/SPA translation. Support for this can be added in a follow on patch series.
(CVE-2024-26761)
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don’t modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by copying the data into the clone bio first and then encrypt them inside the clone bio. This may reduce performance, but it is needed to prevent the user from corrupting the device by writing data with O_DIRECT and modifying them at the same time. [1] https://lore.kernel.org/all/[email protected]/T/ (CVE-2024-26763)
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is submitted by libaio. (CVE-2024-26764)
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order to silence such warnings (and also avoid potential errors due to unexpected interrupts): WARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:4503 rcu_cpu_starting+0x214/0x280 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+ #1198 pc 90000000048e3334 ra 90000000047bd56c tp 900000010039c000 sp 900000010039fdd0 a0 0000000000000001 a1 0000000000000006 a2 900000000802c040 a3 0000000000000000 a4 0000000000000001 a5 0000000000000004 a6 0000000000000000 a7 90000000048e3f4c t0 0000000000000001 t1 9000000005c70968 t2 0000000004000000 t3 000000000005e56e t4 00000000000002e4 t5 0000000000001000 t6 ffffffff80000000 t7 0000000000040000 t8 9000000007931638 u0 0000000000000006 s9 0000000000000004 s0 0000000000000001 s1 9000000006356ac0 s2 9000000007244000 s3 0000000000000001 s4 0000000000000001 s5 900000000636f000 s6 7fffffffffffffff s7 9000000002123940 s8 9000000001ca55f8 ra: 90000000047bd56c tlb_init+0x24c/0x528 ERA: 90000000048e3334 rcu_cpu_starting+0x214/0x280 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 00000000 (PPLV0
-PIE -PWE) EUEN: 00000000 (-FPE -SXE -ASXE -BTE) ECFG: 00071000 (LIE=12 VS=7) ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0) PRID: 0014c010 (Loongson-64bit, Loongson-3A5000) CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+ #1198 Stack : 0000000000000000 9000000006375000 9000000005b61878 900000010039c000 900000010039fa30 0000000000000000 900000010039fa38 900000000619a140 9000000006456888 9000000006456880 900000010039f950 0000000000000001 0000000000000001 cb0cb028ec7e52e1 0000000002b90000 9000000100348700 0000000000000000 0000000000000001 ffffffff916d12f1 0000000000000003 0000000000040000 9000000007930370 0000000002b90000 0000000000000004 9000000006366000 900000000619a140 0000000000000000 0000000000000004 0000000000000000 0000000000000009 ffffffffffc681f2 9000000002123940 9000000001ca55f8 9000000006366000 90000000047a4828 00007ffff057ded8 00000000000000b0 0000000000000000 0000000000000000 0000000000071000 …
Call Trace: [<90000000047a4828>] show_stack+0x48/0x1a0 [<9000000005b61874>] dump_stack_lvl+0x84/0xcc [<90000000047f60ac>] __warn+0x8c/0x1e0 [<9000000005b0ab34>] report_bug+0x1b4/0x280 [<9000000005b63110>] do_bp+0x2d0/0x480 [<90000000047a2e20>] handle_bp+0x120/0x1c0 [<90000000048e3334>] rcu_cpu_starting+0x214/0x280 [<90000000047bd568>] tlb_init+0x248/0x528 [<90000000047a4c44>] per_cpu_trap_init+0x124/0x160 [<90000000047a19f4>] cpu_probe+0x494/0xa00 [<90000000047b551c>] start_secondary+0x3c/0xc0 [<9000000005b66134>] smpboot_entry+0x50/0x58 (CVE-2024-26765)
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off- by-one error Unfortunately the commit fd8958efe877
introduced another error causing the descs
array to overflow. This reults in further crashes easily reproducible by sendmsg
system call. [ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI [ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1] – [ 1080.974535] Call Trace: [ 1080.976990] <TASK> [ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1] [ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1] [ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1] [ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib] [ 1081.046978] dev_hard_start_xmit+0xc4/0x210 – [ 1081.148347] __sys_sendmsg+0x59/0xa0 crash> ipoib_txreq 0xffff9cfeba229f00 struct ipoib_txreq { txreq = { list = { next = 0xffff9cfeba229f00, prev = 0xffff9cfeba229f00 }, descp = 0xffff9cfeba229f40, coalesce_buf = 0x0, wait = 0xffff9cfea4e69a48, complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>, packet_len = 0x46d, tlen = 0x0, num_desc = 0x0, desc_limit = 0x6, next_descq_idx = 0x45c, coalesce_idx = 0x0, flags = 0x0, descs = {{ qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63) }, { qw = { 0x3800014231b108, 0x4} }, { qw = { 0x310000e4ee0fcf0, 0x8} }, { qw = { 0x3000012e9f8000, 0x8} }, { qw = { 0x59000dfb9d0000, 0x8} }, { qw = { 0x78000e02e40000, 0x8} }} }, sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62) complete = 0x0, priv = 0x0, txq = 0xffff9cfea4e69880, skb = 0xffff9d099809f400 } If an SDMA send consists of exactly 6 descriptors and requires dword padding (in the 7th descriptor), the sdma_txreq descriptor array is not properly expanded and the packet will overflow into the container structure. This results in a panic when the send completion runs. The exact panic varies depending on what elements of the container structure get corrupted. The fix is to use the correct expression in _pad_sdma_tx_descs() to test the need to expand the descriptor array. With this patch the crashes are no longer reproducible and the machine is stable.
(CVE-2024-26766)
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because we try to flush the nvmet_wq nested. Avoid this by deadlock by deferring the put work into its own work item. (CVE-2024-26769)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.
(CVE-2024-26771)
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group’s block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group with a corrupted block bitmap. (CVE-2024-26772)
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_group // Scan group gets ac_b_ex but doesn’t use it ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // The block bitmap was corrupted during // the group unlock gap. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Allocating blocks in block bitmap corrupted group (CVE-2024-26773)
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted.
(CVE-2024-26774)
In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- [1] lock(&bdev->bd_size_lock); local_irq_disable();
[2] lock(&d->lock); [3] lock(&bdev->bd_size_lock); <Interrupt> [4] lock(&d->lock); *** DEADLOCK*** Where 1 hold by zram_add()->set_capacity(). [2]lock(&d->lock) hold by aoeblk_gdalloc().
And aoeblk_gdalloc() is trying to acquire 3 at set_capacity() call. In this situation an attempt to acquire [4]lock(&d->lock) from aoecmd_cfg_rsp() will lead to deadlock. So the simplest solution is breaking lock dependency 2 -> 3 by moving set_capacity() outside. (CVE-2024-26775)
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt was detected.
Because an empty interrupt will cause a null pointer error: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: complete+0x54/0x100 hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx] __handle_irq_event_percpu+0x64/0x1e0 handle_irq_event+0x7c/0x1cc (CVE-2024-26776)
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn’t check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8. (CVE-2024-26777)
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn’t check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used as the divisor. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8. (CVE-2024-26778)
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta. (CVE-2024-26779)
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix task hung while purging oob_skb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in list_for_each_entry_safe() for OOB skb. [0] syzbot demonstrated that the list_for_each_entry_safe() was not actually safe in this case. A single skb could have references for multiple sockets. If we free such a skb in the list_for_each_entry_safe(), the current and next sockets could be unlinked in a single iteration. unix_notinflight() uses list_del_init() to unlink the socket, so the prefetched next socket forms a loop itself and list_for_each_entry_safe() never stops. Here, we must use while() and make sure we always fetch the first socket. [0]: Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID:
5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline] RIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline] RIP:
0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207 Code: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 <65> 8b 05 b4 7c 78 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 RSP: 0018:ffffc900033efa58 EFLAGS: 00000283 RAX:
ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189 RDX: ffff88802a5a3b80 RSI: ffffffff8968488d RDI: ffff88807b077f70 RBP: ffffc900033efbb0 R08: 0000000000000001 R09: fffffbfff27a900c R10:
ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800 R13: dffffc0000000000 R14: ffff88807b077e40 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6:
00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <TASK> unix_gc+0x563/0x13b0 net/unix/garbage.c:319 unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683 unix_release+0x91/0xf0 net/unix/af_unix.c:1064 __sock_release+0xb0/0x270 net/socket.c:659 sock_close+0x1c/0x30 net/socket.c:1421
__fput+0x270/0xb80 fs/file_table.c:376 task_work_run+0x14f/0x250 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa8a/0x2ad0 kernel/exit.c:871 do_group_exit+0xd4/0x2a0 kernel/exit.c:1020 __do_sys_exit_group kernel/exit.c:1031 [inline] __se_sys_exit_group kernel/exit.c:1029 [inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP:
0033:0x7f9d6cbdac09 Code: Unable to access opcode bytes at 0x7f9d6cbdabdf. RSP: 002b:00007fff5952feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007f9d6cbdac09 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 RBP: 00007f9d6cc552b0 R08: ffffffffffffffb8 R09: 0000000000000006 R10: 0000000000000006 R11: 0000000000000246 R12:
00007f9d6cc552b0 R13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70 </TASK> (CVE-2024-26780)
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/24141 is trying to acquire lock: ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline] ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:
tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137 but task is already holding lock: ffffc9000135e488 (&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffffc9000135e488 (&h->lhash2[i].lock){+.+.}-{2:2}, at: inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&h->lhash2[i].lock){+.+.}-{2:2}: lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] __inet_hash+0x335/0xbe0 net/ipv4/inet_hashtables.c:743 inet_csk_listen_start+0x23a/0x320 net/ipv4/inet_connection_sock.c:1261 __inet_listen_sk+0x2a2/0x770 net/ipv4/af_inet.c:217 inet_listen+0xa3/0x110 net/ipv4/af_inet.c:239 rds_tcp_listen_init+0x3fd/0x5a0 net/rds/tcp_listen.c:316 rds_tcp_init_net+0x141/0x320 net/rds/tcp.c:577 ops_init+0x352/0x610 net/core/net_namespace.c:136 __register_pernet_operations net/core/net_namespace.c:1214 [inline] register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1283 register_pernet_device+0x33/0x80 net/core/net_namespace.c:1370 rds_tcp_init+0x62/0xd0 net/rds/tcp.c:735 do_one_initcall+0x238/0x830 init/main.c:1236 do_initcall_level+0x157/0x210 init/main.c:1298 do_initcalls+0x3f/0x80 init/main.c:1314 kernel_init_freeable+0x42f/0x5d0 init/main.c:1551 kernel_init+0x1d/0x2a0 init/main.c:1441 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 -> #0 (k-sk_lock-AF_INET6){+.+.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754 lock_sock_fast include/net/sock.h:1723 [inline] subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28 tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline] tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137 inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345 inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061 __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263 inet_diag_dump_compat+0x1c1/0x2d0 net/ipv4/inet_diag.c:1371 netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264 __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370 netlink_dump_start include/linux/netlink.h:338 [inline] inet_diag_rcv_msg_compat+0x209/0x4c0 net/ipv4/inet_diag.c:1405 sock_diag_rcv_msg+0xe7/0x410 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 As noted by Eric we can break the lock dependency chain avoid dumping —truncated— (CVE-2024-26781)
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to ‘inet_opt’ for the new socket has the same value as the original one: as a consequence, on program exit it’s possible to observe the following splat: BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0 Free of addr ffff888485950880 by task swapper/25/0 CPU: 25 PID: 0 Comm:
swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609 Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013 Call Trace: <IRQ> dump_stack_lvl+0x32/0x50 print_report+0xca/0x620 kasan_report_invalid_free+0x64/0x90 __kasan_slab_free+0x1aa/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 rcu_do_batch+0x34e/0xd90 rcu_core+0x559/0xac0
__do_softirq+0x183/0x5a4 irq_exit_rcu+0x12d/0x170 sysvec_apic_timer_interrupt+0x6b/0x80 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x175/0x300 Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000 RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588 RBP: 0000000000000004 R08: 0000000000000002 R09:
0000000000043080 R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0 R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80 cpuidle_enter+0x4a/0xa0 do_idle+0x310/0x410 cpu_startup_entry+0x51/0x60 start_secondary+0x211/0x270 secondary_startup_64_no_verify+0x184/0x18b </TASK> Allocated by task 6853: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0
__kmalloc+0x1eb/0x450 cipso_v4_sock_setattr+0x96/0x360 netlbl_sock_setattr+0x132/0x1f0 selinux_netlbl_socket_post_create+0x6c/0x110 selinux_socket_post_create+0x37b/0x7f0 security_socket_post_create+0x63/0xb0 __sock_create+0x305/0x450 __sys_socket_create.part.23+0xbd/0x130
__sys_socket+0x37/0xb0 __x64_sys_socket+0x6f/0xb0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 6858: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x12c/0x1f0 kfree+0xed/0x2e0 inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 subflow_ulp_release+0x1f0/0x250 tcp_cleanup_ulp+0x6e/0x110 tcp_v4_destroy_sock+0x5a/0x3a0 inet_csk_destroy_sock+0x135/0x390 tcp_fin+0x416/0x5c0 tcp_data_queue+0x1bc8/0x4310 tcp_rcv_state_process+0x15a3/0x47b0 tcp_v4_do_rcv+0x2c1/0x990 tcp_v4_rcv+0x41fb/0x5ed0 ip_protocol_deliver_rcu+0x6d/0x9f0 ip_local_deliver_finish+0x278/0x360 ip_local_deliver+0x182/0x2c0 ip_rcv+0xb5/0x1c0
__netif_receive_skb_one_core+0x16e/0x1b0 process_backlog+0x1e3/0x650 __napi_poll+0xa6/0x500 net_rx_action+0x740/0xbb0 __do_softirq+0x183/0x5a4 The buggy address belongs to the object at ffff888485950880 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffff888485950880, ffff8884859508c0) The buggy address belongs to the physical page: page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950 flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw:
0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006 raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888485950780: fa fb fb —truncated— (CVE-2024-26782)
In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API:
mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren’t supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm:
kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350
__dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190
__mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path.
(CVE-2024-26787)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don’t get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8
__handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi_irq+0xc8/0x178 generic_handle_irq+0x24/0x38 __handle_domain_irq+0x90/0x100 gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798 request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/0xe8 fsl_qdma_probe+0x4d4/0xca8 platform_drv_probe+0x50/0xa0 really_probe+0xe0/0x3f8 driver_probe_device+0x64/0x130 device_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98 driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110
__platform_driver_register+0x44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258 kernel_init_freeable+0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18 (CVE-2024-26788)
In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of- bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than 128 bytes to begin with. It will call straight into the plain NEON asm helper, which performs all memory accesses in granules of 16 bytes (the size of a NEON register). For this reason, the associated plain NEON glue code will copy inputs shorter than 16 bytes into a temporary buffer, given that this is a rare occurrence and it is not worth the effort to work around this in the asm code. The fallback from the bit-sliced NEON version fails to take this into account, potentially resulting in out-of-bounds accesses. So clone the same workaround, and use a temp buffer for short in/outputs. (CVE-2024-26789)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read There is chip (ls1028a) errata: The SoC may hang on 16 byte unaligned read transactions by QDMA. Unaligned read transactions initiated by QDMA may stall in the NOC (Network On- Chip), causing a deadlock condition. Stalled transactions will trigger completion timeouts in PCIe controller. Workaround: Enable prefetch by setting the source descriptor prefetchable bit ( SD[PF] = 1 ).
Implement this workaround. (CVE-2024-26790)
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There’s a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getname_kernel(). Add a helper that validates both source and target device name buffers. For devid as the source initialize the buffer to empty string in case something tries to read it later. This was originally analyzed and fixed in a different way by Edward Adam Davis (see links). (CVE-2024-26791)
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there’s an error committing the transaction. The second free may result in freeing an anonymous device number that was allocated by some other subsystem in the kernel or another btrfs filesystem. The steps that lead to this: 1) At ioctl.c:create_snapshot() we allocate an anonymous device number and assign it to pending_snapshot->anon_dev; 2) Then we call btrfs_commit_transaction() and end up at transaction.c:create_pending_snapshot(); 3) There we call btrfs_get_new_fs_root() and pass it the anonymous device number stored in pending_snapshot->anon_dev; 4) btrfs_get_new_fs_root() frees that anonymous device number because btrfs_lookup_fs_root() returned a root - someone else did a lookup of the new root already, which could some task doing backref walking; 5) After that some error happens in the transaction commit path, and at ioctl.c:create_snapshot() we jump to the ‘fail’ label, and after that we free again the same anonymous device number, which in the meanwhile may have been reallocated somewhere else, because pending_snapshot->anon_dev still has the same value as in step 1. Recently syzbot ran into this and reported the following trace: ------------[ cut here ]------------ ida_free called for id=51 which is not allocated. WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525 Modules linked in: CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525 Code: 10 42 80 3c 28 (…) RSP: 0018:ffffc90015a67300 EFLAGS: 00010246 RAX: be5130472f5dd000 RBX: 0000000000000033 RCX:
0000000000040000 RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4 R10: dffffc0000000000 R11: fffff52002b4cdb5 R12:
0000000000000246 R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246 FS:
00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0 Call Trace: <TASK> btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346 create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931 btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404 create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848 btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998 btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306 btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393 btrfs_ioctl+0xa74/0xd40 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7fca3e67dda9 Code: 28 00 00 00 (…) RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX:
00007fca3e7abf80 RCX: 00007fca3e67dda9 RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11:
0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658 </TASK> Where we get an explicit message where we attempt to free an anonymous device number that is not currently allocated. It happens in a different code path from the example below, at btrfs_get_root_ref(), so this change may not fix the case triggered by sy —truncated— (CVE-2024-26792)
In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr- deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be registered after registering the gtp_net_ops pernet operations structure. Syzkaller hit ‘general protection fault in gtp_genl_dump_pdp’ bug: [ 1010.702740] gtp: GTP module unloaded [ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 1010.715888] KASAN:
null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 1010.715895] CPU: 1 PID: 128616 Comm:
a.out Not tainted 6.8.0-rc6-std-def-alt1 #1 [ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 [ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00 [ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203 [ 1010.715929] RAX: dffffc0000000000 RBX:
ffff88800399c000 RCX: 0000000000000000 [ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI:
0000000000000282 [ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000 [ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80 [ 1010.715947] R13:
0000000000000000 R14: 0000000000000000 R15: 0000000000000400 [ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000 [ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 [ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0 [ 1010.715968] PKRU: 55555554 [ 1010.715972] Call Trace: [ 1010.715985] ? __die_body.cold+0x1a/0x1f [ 1010.715995] ? die_addr+0x43/0x70 [ 1010.716002] ? exc_general_protection+0x199/0x2f0 [ 1010.716016] ? asm_exc_general_protection+0x1e/0x30 [ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp] [ 1010.716042] __rtnl_newlink+0x1063/0x1700 [ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0 [ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0 [ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0 [ 1010.716076] ? __kernel_text_address+0x56/0xa0 [ 1010.716084] ? unwind_get_return_address+0x5a/0xa0 [ 1010.716091] ? create_prof_cpu_mask+0x30/0x30 [ 1010.716098] ? arch_stack_walk+0x9e/0xf0 [ 1010.716106] ? stack_trace_save+0x91/0xd0 [ 1010.716113] ? stack_trace_consume_entry+0x170/0x170 [ 1010.716121] ? __lock_acquire+0x15c5/0x5380 [ 1010.716139] ? mark_held_locks+0x9e/0xe0 [ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0 [ 1010.716155] ?
__rtnl_newlink+0x1700/0x1700 [ 1010.716160] rtnl_newlink+0x69/0xa0 [ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50 [ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716179] ? lock_acquire+0x1fe/0x560 [ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50 [ 1010.716196] netlink_rcv_skb+0x14d/0x440 [ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716208] ? netlink_ack+0xab0/0xab0 [ 1010.716213] ? netlink_deliver_tap+0x202/0xd50 [ 1010.716220] ? netlink_deliver_tap+0x218/0xd50 [ 1010.716226] ? __virt_addr_valid+0x30b/0x590 [ 1010.716233] netlink_unicast+0x54b/0x800 [ 1010.716240] ? netlink_attachskb+0x870/0x870 [ 1010.716248] ?
__check_object_size+0x2de/0x3b0 [ 1010.716254] netlink_sendmsg+0x938/0xe40 [ 1010.716261] ? netlink_unicast+0x800/0x800 [ 1010.716269] ? __import_iovec+0x292/0x510 [ 1010.716276] ? netlink_unicast+0x800/0x800 [ 1010.716284] __sock_sendmsg+0x159/0x190 [ 1010.716290]
____sys_sendmsg+0x712/0x880 [ 1010.716297] ? sock_write_iter+0x3d0/0x3d0 [ 1010.716304] ?
__ia32_sys_recvmmsg+0x270/0x270 [ 1010.716309] ? lock_acquire+0x1fe/0x560 [ 1010.716315] ? drain_array_locked+0x90/0x90 [ 1010.716324] ___sys_sendmsg+0xf8/0x170 [ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170 [ 1010.716337] ? lockdep_init_map —truncated— (CVE-2024-26793)
In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of- bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical memory in order to ensure that vmemmap’s bounds will be respected during pfn_to_page()/page_to_pfn() operations. The conversion macros will produce correct SV39/48/57 addresses for every possible/valid DRAM_BASE inside the physical memory limits. v2:Address Alex’s comments (CVE-2024-26795)
In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcon_do_set_font() Commit a5a923038d70 (fbdev: fbcon: Properly revert changes when vc_resize() failed) started restoring old font data upon failure (of vc_resize()). But it performs so only for user fonts. It means that the system/internal fonts are not restored at all. So in result, the very first call to fbcon_do_set_font() performs no restore at all upon failing vc_resize(). This can be reproduced by Syzkaller to crash the system on the next invocation of font_get(). It’s rather hard to hit the allocation failure in vc_resize() on the first font_set(), but not impossible. Esp. if fault injection is used to aid the execution/failure. It was demonstrated by Sirius: BUG: unable to handle page fault for address:
fffffffffffffff8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD cb7b067 P4D cb7b067 PUD cb7d067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8007 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:fbcon_get_font+0x229/0x800 drivers/video/fbdev/core/fbcon.c:2286 Call Trace: <TASK> con_font_get drivers/tty/vt/vt.c:4558 [inline] con_font_op+0x1fc/0xf20 drivers/tty/vt/vt.c:4673 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline] vt_ioctl+0x632/0x2ec0 drivers/tty/vt/vt_ioctl.c:752 tty_ioctl+0x6f8/0x1570 drivers/tty/tty_io.c:2803 vfs_ioctl fs/ioctl.c:51 [inline] … So restore the font data in any case, not only for user fonts. Note the later ‘if’ is now protected by ‘old_userfont’ and not ‘old_data’ as the latter is always set now. (And it is supposed to be non-NULL. Otherwise we would see the bug above again.) (CVE-2024-26798)
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed. If one of them fails, tls_do_decryption will return -EBADMSG and tls_decrypt_sg jumps to the error path, releasing all the pages. But the pages have been passed to the async callback, and have already been released by tls_decrypt_done. The only true async case is when crypto_aead_decrypt returns -EINPROGRESS. With -EBUSY, we already waited so we can tell tls_sw_recvmsg that the data is available for immediate copy, but we need to notify tls_decrypt_sg (via the new ->async_done flag) that the memory has already been released.
(CVE-2024-26800)
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after- free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset. Here’s the call trace observed on a ChromeOS device with Intel AX201:
queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31
__hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash. (CVE-2024-26801)
In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying workqueue Currently when suspending driver and stopping workqueue it is checked whether workqueue is not NULL and if so, it is destroyed. Function destroy_workqueue() does drain queue and does clear variable, but it does not set workqueue variable to NULL. This can cause kernel/module panic if code attempts to clear workqueue that was not initialized. This scenario is possible when resuming suspended driver in stmmac_resume(), because there is no handling for failed stmmac_hw_setup(), which can fail and return if DMA engine has failed to initialize, and workqueue is initialized after DMA engine. Should DMA engine fail to initialize, resume will proceed normally, but interface won’t work and TX queue will eventually timeout, causing ‘Reset adapter’ error. This then does destroy workqueue during reset process. And since workqueue is initialized after DMA engine and can be skipped, it will cause kernel/module panic. To secure against this possible crash, set workqueue variable to NULL when destroying workqueue. Log/backtrace from crash goes as follows: [88.031977]------------[ cut here ]------------ [88.031985]NETDEV WATCHDOG: eth0 (sxgmac): transmit queue 1 timed out [88.032017]WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:477 dev_watchdog+0x390/0x398 <Skipping backtrace for watchdog timeout> [88.032251]—[ end trace e70de432e4d5c2c0 ]— [88.032282]sxgmac 16d88000.ethernet eth0: Reset adapter. [88.036359]------------[ cut here ]------------ [88.036519]Call trace: [88.036523] flush_workqueue+0x3e4/0x430 [88.036528] drain_workqueue+0xc4/0x160 [88.036533] destroy_workqueue+0x40/0x270 [88.036537] stmmac_fpe_stop_wq+0x4c/0x70 [88.036541] stmmac_release+0x278/0x280 [88.036546]
__dev_close_many+0xcc/0x158 [88.036551] dev_close_many+0xbc/0x190 [88.036555] dev_close.part.0+0x70/0xc0 [88.036560] dev_close+0x24/0x30 [88.036564] stmmac_service_task+0x110/0x140 [88.036569] process_one_work+0x1d8/0x4a0 [88.036573] worker_thread+0x54/0x408 [88.036578] kthread+0x164/0x170 [88.036583] ret_from_fork+0x10/0x20 [88.036588]—[ end trace e70de432e4d5c2c1 ]— [88.036597]Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 (CVE-2024-26802)
In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down veth sets NETIF_F_GRO automatically when XDP is enabled, because both features use the same NAPI machinery. The logic to clear NETIF_F_GRO sits in veth_disable_xdp() which is called both on ndo_stop and when XDP is turned off. To avoid the flag from being cleared when the device is brought down, the clearing is skipped when IFF_UP is not set. Bringing the device down should indeed not modify its features. Unfortunately, this means that clearing is also skipped when XDP is disabled while the device is down. And there’s nothing on the open path to bring the device features back into sync. IOW if user enables XDP, disables it and then brings the device up we’ll end up with a stray GRO flag set but no NAPI instances. We don’t depend on the GRO flag on the datapath, so the datapath won’t crash. We will crash (or hang), however, next time features are sync’ed (either by user via ethtool or peer changing its config).
The GRO flag will go away, and veth will try to disable the NAPIs. But the open path never created them since XDP was off, the GRO flag was a stray. If NAPI was initialized before we’ll hang in napi_disable().
If it never was we’ll crash trying to stop uninitialized hrtimer. Move the GRO flag updates to the XDP enable / disable paths, instead of mixing them with the ndo_open / ndo_close paths. (CVE-2024-26803)
In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in
__skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191 […] kasan_report+0xda/0x110 mm/kasan/report.c:588
__skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline] ___skb_get_hash net/core/flow_dissector.c:1791 [inline]
__skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856 skb_get_hash include/linux/skbuff.h:1556 [inline] ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748 ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308
__netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592 … ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 … iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831 ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 … The splat occurs because skb->data points past skb->head allocated area. This is because neigh layer does: __skb_pull(skb, skb_network_offset(skb)); …
but skb_network_offset() returns a negative offset and __skb_pull() arg is unsigned. IOW, we skb->data gets adjusted by a huge value. The negative value is returned because skb->head and skb->data distance is more than 64k and skb->network_header (u16) has wrapped around. The bug is in the ip_tunnel infrastructure, which can cause dev->needed_headroom to increment ad infinitum. The syzkaller reproducer consists of packets getting routed via a gre tunnel, and route of gre encapsulated packets pointing at another (ipip) tunnel. The ipip encapsulation finds gre0 as next output device. This results in the following pattern: 1). First packet is to be sent out via gre0. Route lookup found an output device, ipip0. 2). ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future output device, rt.dev->needed_headroom (ipip0). 3). ip output / start_xmit moves skb on to ipip0. which runs the same code path again (xmit recursion). 4). Routing step for the post-gre0-encap packet finds gre0 as output device to use for ipip0 encapsulated packet. tunl0->needed_headroom is then incremented based on the (already bumped) gre0 device headroom. This repeats for every future packet: gre0->needed_headroom gets inflated because previous packets’ ipip0 step incremented rt->dev (gre0) headroom, and ipip0 incremented because gre0 needed_headroom was increased. For each subsequent packet, gre/ipip0->needed_headroom grows until post-expand-head reallocations result in a skb->head/data distance of more than 64k. Once that happens, skb->network_header (u16) wraps around when pskb_expand_head tries to make sure that skb_network_offset() is unchanged after the headroom expansion/reallocation. After this skb_network_offset(skb) returns a different (and negative) result post headroom expansion. The next trip to neigh layer (or anything else that would __skb_pull the network header) makes skb->data point to a memory location outside skb->head area. v2: Cap the needed_headroom update to an arbitarily chosen upperlimit to prevent perpetual increase instead of dropping the headroom increment completely.
(CVE-2024-26804)
In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after- free in __skb_datagram_iter syzbot reported the following uninit-value access issue [1]:
netlink_to_full_skb() creates a new skb
and puts the skb->data
passed as a 1st arg of netlink_to_full_skb() onto new skb
. The data size is specified as len
and passed to skb_put_data().
This len
is based on skb->end
that is not data offset but buffer offset. The skb->end
contains data and tailroom. Since the tailroom is not initialized when the new skb
created, KMSAN detects uninitialized memory area when copying the data. This patch resolved this issue by correct the len from skb->end
to skb->len
, which is the actual data offset. BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_ubuf include/linux/iov_iter.h:29 [inline] iterate_and_advance2 include/linux/iov_iter.h:245 [inline] iterate_and_advance include/linux/iov_iter.h:271 [inline]
_copy_to_iter+0x364/0x2520 lib/iov_iter.c:186 copy_to_iter include/linux/uio.h:197 [inline] simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546 skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline] packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg net/socket.c:1066 [inline] sock_read_iter+0x467/0x580 net/socket.c:1136 call_read_iter include/linux/fs.h:2014 [inline] new_sync_read fs/read_write.c:389 [inline] vfs_read+0x8f6/0xe00 fs/read_write.c:470 ksys_read+0x20f/0x4c0 fs/read_write.c:613 __do_sys_read fs/read_write.c:623 [inline] __se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x93/0xd0 fs/read_write.c:621 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was stored to memory at: skb_put_data include/linux/skbuff.h:2622 [inline] netlink_to_full_skb net/netlink/af_netlink.c:181 [inline] __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]
__netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325 netlink_deliver_tap net/netlink/af_netlink.c:338 [inline] netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline] netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: free_pages_prepare mm/page_alloc.c:1087 [inline] free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347 free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533 release_pages+0x23d3/0x2410 mm/swap.c:1042 free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316 tlb_batch_pages —truncated— (CVE-2024-26805)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix requires:
212ed75dc5fb (netfilter: nf_tables: integrate pipapo into commit protocol) which came after:
9827a0e6e23b (netfilter: nft_set_pipapo: release elements in clone from abort path). (CVE-2024-26809)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl.
Create wrappers that add locking for paths outside of the core interrupt code. In particular, irq_type is updated holding igate, therefore testing is_intx() requires holding igate. For example clearing DisINTx from config space can otherwise race changes of the interrupt configuration. This aligns interfaces which may trigger the INTx eventfd into two camps, one side serialized by igate and the other only enabled while INTx is configured. A subsequent patch introduces synchronization for the latter flows. (CVE-2024-26810)
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validate 3 ipc response that has payload. (CVE-2024-26811)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the SET_IRQS ioctl or through unmask irqfd if the device interrupt is pending. Ideally this could be solved with some additional locking; the igate mutex serializes the ioctl and config space accesses, and the interrupt handler is unregistered relative to the trigger, but the irqfd path runs asynchronous to those. The igate mutex cannot be acquired from the atomic context of the eventfd wake function. Disabling the irqfd relative to the eventfd registration is potentially incompatible with existing userspace. As a result, the solution implemented here moves configuration of the INTx interrupt handler to track the lifetime of the INTx context object and irq_type configuration, rather than registration of a particular trigger eventfd.
Synchronization is added between the ioctl path and eventfd_signal() wrapper such that the eventfd trigger can be dynamically updated relative to in-flight interrupts or irqfd callbacks. (CVE-2024-26812)
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer dereference. Rather than register the IRQ relative to a valid trigger, register all IRQs in a disabled state in the device open path. This allows mask operations on the IRQ to nest within the overall enable state governed by a valid eventfd signal. This decouples @masked, protected by the @locked spinlock from @trigger, protected via the @igate mutex. In doing so, it’s guaranteed that changes to @trigger cannot race the IRQ handlers because the IRQ handler is synchronously disabled before modifying the trigger, and loopback triggering of the IRQ via ioctl is safe due to serialization with trigger changes via igate. For compatibility, request_irq() failures are maintained to be local to the SET_IRQS ioctl rather than a fatal error in the open device path. This allows, for example, a userspace driver with polling mode support to continue to work regardless of moving the request_irq() call site. This necessarily blocks all SET_IRQS access to the failed index. (CVE-2024-26813)
In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself is guaranteed that trigger is always valid between request_irq() and free_irq(), but the loopback testing mechanisms to invoke the handler function need to test the trigger. The triggering and setting ioctl paths both make use of igate and are therefore mutually exclusive. The vfio-fsl-mc driver does not make use of irqfds, nor does it support any sort of masking operations, therefore unlike vfio-pci and vfio-platform, the flow can remain essentially unchanged. (CVE-2024-26814)
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= TC_QOPT_MAX_QUEUE) { NL_SET_ERR_MSG_MOD(extack, TC entry index out of range); return -ERANGE; } syzbot reported that it could fed arbitary negative values:
UBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18 shift exponent -2147418108 is negative CPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0 Hardware name:
Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386 taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline] taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877 taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f1b2dea3759 Code: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759 RDX:
0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340 R13:
00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340 (CVE-2024-26815)
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the startup_xen entry point. This information is used prior to booting the kernel, so relocations are not useful. In fact, performing relocations against the .notes section means that the KASLR base is exposed since /sys/kernel/notes is world-readable. To avoid leaking the KASLR base without breaking unprivileged tools that are expecting to read /sys/kernel/notes, skip performing relocations in the .notes section. The values readable in .notes are then identical to those found in System.map.
(CVE-2024-26816)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie. devices without DisINTx support, the IRQ is enabled in request_irq() and subsequently disabled as necessary to align with the masked status flag. This presents a window where the interrupt could fire between these events, resulting in the IRQ incrementing the disable depth twice. This would be unrecoverable for a user since the masked flag prevents nested enables through vfio. Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx is never auto-enabled, then unmask as required. (CVE-2024-27437)
This CVE was assigned by Intel. Please see CVE-2024-2201 on CVE.org for more information. (CVE-2024-2201)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5658. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(193309);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/13");
script_cve_id(
"CVE-2023-2176",
"CVE-2023-6270",
"CVE-2023-7042",
"CVE-2023-28746",
"CVE-2023-47233",
"CVE-2023-52429",
"CVE-2023-52434",
"CVE-2023-52435",
"CVE-2023-52583",
"CVE-2023-52584",
"CVE-2023-52587",
"CVE-2023-52588",
"CVE-2023-52589",
"CVE-2023-52593",
"CVE-2023-52594",
"CVE-2023-52595",
"CVE-2023-52597",
"CVE-2023-52598",
"CVE-2023-52599",
"CVE-2023-52600",
"CVE-2023-52601",
"CVE-2023-52602",
"CVE-2023-52603",
"CVE-2023-52604",
"CVE-2023-52606",
"CVE-2023-52607",
"CVE-2023-52616",
"CVE-2023-52617",
"CVE-2023-52618",
"CVE-2023-52619",
"CVE-2023-52620",
"CVE-2023-52621",
"CVE-2023-52622",
"CVE-2023-52623",
"CVE-2023-52630",
"CVE-2023-52631",
"CVE-2023-52632",
"CVE-2023-52633",
"CVE-2023-52635",
"CVE-2023-52637",
"CVE-2023-52638",
"CVE-2023-52639",
"CVE-2023-52640",
"CVE-2023-52641",
"CVE-2024-0340",
"CVE-2024-0841",
"CVE-2024-1151",
"CVE-2024-2201",
"CVE-2024-22099",
"CVE-2024-23850",
"CVE-2024-23851",
"CVE-2024-24857",
"CVE-2024-24858",
"CVE-2024-26581",
"CVE-2024-26582",
"CVE-2024-26583",
"CVE-2024-26584",
"CVE-2024-26585",
"CVE-2024-26586",
"CVE-2024-26590",
"CVE-2024-26593",
"CVE-2024-26600",
"CVE-2024-26601",
"CVE-2024-26602",
"CVE-2024-26603",
"CVE-2024-26606",
"CVE-2024-26621",
"CVE-2024-26622",
"CVE-2024-26625",
"CVE-2024-26626",
"CVE-2024-26627",
"CVE-2024-26629",
"CVE-2024-26639",
"CVE-2024-26640",
"CVE-2024-26641",
"CVE-2024-26642",
"CVE-2024-26643",
"CVE-2024-26651",
"CVE-2024-26654",
"CVE-2024-26659",
"CVE-2024-26660",
"CVE-2024-26663",
"CVE-2024-26664",
"CVE-2024-26665",
"CVE-2024-26667",
"CVE-2024-26671",
"CVE-2024-26673",
"CVE-2024-26675",
"CVE-2024-26676",
"CVE-2024-26679",
"CVE-2024-26680",
"CVE-2024-26681",
"CVE-2024-26684",
"CVE-2024-26685",
"CVE-2024-26686",
"CVE-2024-26687",
"CVE-2024-26688",
"CVE-2024-26689",
"CVE-2024-26695",
"CVE-2024-26696",
"CVE-2024-26697",
"CVE-2024-26698",
"CVE-2024-26700",
"CVE-2024-26702",
"CVE-2024-26704",
"CVE-2024-26706",
"CVE-2024-26707",
"CVE-2024-26710",
"CVE-2024-26712",
"CVE-2024-26714",
"CVE-2024-26715",
"CVE-2024-26717",
"CVE-2024-26718",
"CVE-2024-26720",
"CVE-2024-26722",
"CVE-2024-26723",
"CVE-2024-26726",
"CVE-2024-26727",
"CVE-2024-26731",
"CVE-2024-26733",
"CVE-2024-26735",
"CVE-2024-26736",
"CVE-2024-26737",
"CVE-2024-26741",
"CVE-2024-26742",
"CVE-2024-26743",
"CVE-2024-26744",
"CVE-2024-26745",
"CVE-2024-26747",
"CVE-2024-26748",
"CVE-2024-26749",
"CVE-2024-26750",
"CVE-2024-26751",
"CVE-2024-26752",
"CVE-2024-26753",
"CVE-2024-26754",
"CVE-2024-26759",
"CVE-2024-26760",
"CVE-2024-26761",
"CVE-2024-26763",
"CVE-2024-26764",
"CVE-2024-26765",
"CVE-2024-26766",
"CVE-2024-26769",
"CVE-2024-26771",
"CVE-2024-26772",
"CVE-2024-26773",
"CVE-2024-26774",
"CVE-2024-26775",
"CVE-2024-26776",
"CVE-2024-26777",
"CVE-2024-26778",
"CVE-2024-26779",
"CVE-2024-26780",
"CVE-2024-26781",
"CVE-2024-26782",
"CVE-2024-26787",
"CVE-2024-26788",
"CVE-2024-26789",
"CVE-2024-26790",
"CVE-2024-26791",
"CVE-2024-26792",
"CVE-2024-26793",
"CVE-2024-26795",
"CVE-2024-26798",
"CVE-2024-26800",
"CVE-2024-26801",
"CVE-2024-26802",
"CVE-2024-26803",
"CVE-2024-26804",
"CVE-2024-26805",
"CVE-2024-26809",
"CVE-2024-26810",
"CVE-2024-26811",
"CVE-2024-26812",
"CVE-2024-26813",
"CVE-2024-26814",
"CVE-2024-26815",
"CVE-2024-26816",
"CVE-2024-27437"
);
script_name(english:"Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5658 advisory.
- A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux
Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem
to crash the system or escalation of privilege. (CVE-2023-2176)
- Information exposure through microarchitectural state after transient execution from some register files
for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information
disclosure via local access. (CVE-2023-28746)
- The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in
the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local
access, this could be exploited in a real world scenario. This is related to
brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
(CVE-2023-47233)
- dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in
alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct
dm_ioctl.target_count. (CVE-2023-52429)
- In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in
smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in
smb2_parse_contexts(). This fixes following oops when accessing invalid create contexts from server: BUG:
unable to handle page fault for address: ffff8881178d8cc3 #PF: supervisor read access in kernel mode #PF:
error_code(0x0000) - not-present page PGD 4a01067 P4D 4a01067 PUD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU:
3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:smb2_parse_contexts+0xa0/0x3a0
[cifs] Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00 00 00 8b 45 00 85 c0 74 61 41
29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00 RSP:
0018:ffffc900007939e0 EFLAGS: 00010216 RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000 RBP: ffff8881178d8cbf R08:
ffffc90000793c22 R09: 0000000000000000 R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22 FS: 00007f873753cbc0(0000)
GS:ffff88806bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2:
ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ?
__die+0x23/0x70 ? page_fault_oops+0x181/0x480 ? search_module_extables+0x19/0x60 ?
srso_alias_return_thunk+0x5/0xfbef5 ? exc_page_fault+0x1b6/0x1c0 ? asm_exc_page_fault+0x26/0x30 ?
smb2_parse_contexts+0xa0/0x3a0 [cifs] SMB2_open+0x38d/0x5f0 [cifs] ? smb2_is_path_accessible+0x138/0x260
[cifs] smb2_is_path_accessible+0x138/0x260 [cifs] cifs_is_path_remote+0x8d/0x230 [cifs]
cifs_mount+0x7e/0x350 [cifs] cifs_smb3_do_mount+0x128/0x780 [cifs] smb3_get_tree+0xd9/0x290 [cifs]
vfs_get_tree+0x2c/0x100 ? capable+0x37/0x70 path_mount+0x2d7/0xb80 ? srso_alias_return_thunk+0x5/0xfbef5 ?
_raw_spin_unlock_irqrestore+0x44/0x60 __x64_sys_mount+0x11a/0x150 do_syscall_64+0x47/0xf0
entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f8737657b1e (CVE-2023-52434)
- In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in
skb_segment() Once again syzbot is able to crash the kernel in skb_segment() [1] GSO_BY_FRAGS is a
forbidden value, but unfortunately the following computation in skb_segment() can reach it quite easily :
mss = mss * partial_segs; 65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to a bad final
result. Make sure to limit segmentation so that the new mss value is smaller than GSO_BY_FRAGS. [1]
general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP
KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 1 PID: 5079 Comm: syz-
executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0 Hardware name: Google Google Compute
Engine/Google Compute Engine, BIOS Google 11/10/2023 RIP: 0010:skb_segment+0x181d/0x3f30
net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48
b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84
24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX:
ffffffff886b1597 RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578
R08: 0000000000000005 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000002 R12:
ffff888063202ac0 R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046 FS:
0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0 DR0: 0000000000000000
DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400 Call Trace: <TASK> udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109
ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120 skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53
__skb_gso_segment+0x339/0x710 net/core/gso.c:124 skb_gso_segment include/net/gso.h:83 [inline]
validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626 __dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338
dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x257/0x380 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745
__sys_sendto+0x255/0x340 net/socket.c:2190 __do_sys_sendto net/socket.c:2202 [inline] __se_sys_sendto
net/socket.c:2198 [inline] __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198 do_syscall_x64
arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f8692032aa9 Code: 28 00 00 00 75 05 48 83 c4 28 c3
e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0
ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff8d685418 EFLAGS: 00000246
ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9 RDX:
0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00000000000f4240 R08: 0000000020000540
R09: 0000000000000014 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480 R13:
0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003 </TASK> Modules linked in: ---[ end trace
0000000000000000 ]--- RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed
ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea
03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS:
00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597 RDX: 000000000000000e RSI:
ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R0 ---truncated--- (CVE-2023-52435)
- In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of
misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that
the parent get the lock first. But since this deadcode is never used and the parent dir will always be set
from the callers, let's just remove it. (CVE-2023-52583)
- In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device
remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On device
remove, spmi_controller will be freed first, and then devres , including the clocks, will be cleanup. This
leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already
freed along with spmi_controller. This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building
the kernel with KASAN. Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before
freeing spmi_controller. (CVE-2023-52584)
- In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking
Releasing the `priv->lock` while iterating the `priv->multicast_list` in `ipoib_mcast_join_task()` opens a
window for `ipoib_mcast_dev_flush()` to remove the items while in the middle of iteration. If the mcast is
removed while the lock was dropped, the for loop spins forever resulting in a hard lockup (as was reported
on RHEL 4.18.0-372.75.1.el8_6 kernel): Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)
-----------------------------------+----------------------------------- ipoib_mcast_join_task(work) |
ipoib_ib_dev_flush_light(work) spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, ...)
list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev) &priv->multicast_list, list) |
ipoib_mcast_join(dev, mcast) | spin_unlock_irq(&priv->lock) | | spin_lock_irqsave(&priv->lock, flags) |
list_for_each_entry_safe(mcast, tmcast, | &priv->multicast_list, list) | list_del(&mcast->list); |
list_add_tail(&mcast->list, &remove_list) | spin_unlock_irqrestore(&priv->lock, flags)
spin_lock_irq(&priv->lock) | | ipoib_mcast_remove_list(&remove_list) (Here, `mcast` is no longer on the |
list_for_each_entry_safe(mcast, tmcast, `priv->multicast_list` and we keep | remove_list, list) spinning
on the `remove_list` of | >>> wait_for_completion(&mcast->done) the other thread which is blocked | and
the list is still valid on | it's stack.) Fix this by keeping the lock held and changing to GFP_ATOMIC to
prevent eventual sleeps. Unfortunately we could not reproduce the lockup and confirm this fix but based on
the code review I think this fix should address such lockups. crash> bc 31 PID: 747 TASK: ff1c6a1a007e8000
CPU: 31 COMMAND: kworker/u72:2 -- [exception RIP: ipoib_mcast_join_task+0x1b1] RIP: ffffffffc0944ac1
RSP: ff646f199a8c7e00 RFLAGS: 00000002 RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000
work (&priv->mcast_task{,.work}) RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000
&mcast->list RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000 R10: ff646f199a8c7e00 R11:
ff1c6a191a7d9800 R12: ff1c6a192d60ac00 mcast R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15:
ff1c6a1a04dc82d8 dev priv (&priv->lock) &priv->multicast_list (aka head) ORIG_RAX: ffffffffffffffff CS:
0010 SS: 0018 --- <NMI exception stack> --- #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at
ffffffffc0944ac1 [ib_ipoib] #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967 crash> rx
ff646f199a8c7e68 ff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work crash> list -hO
ipoib_dev_priv.multicast_list ff1c6a1a04dc8000 (empty) crash>
ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000 mcast_task.work.func =
0xffffffffc0944910 <ipoib_mcast_join_task>, mcast_mutex.owner.counter = 0xff1c69998efec000 crash> b 8 PID:
8 TASK: ff1c69998efec000 CPU: 33 COMMAND: kworker/u72:0 -- #3 [ff646f1980153d50]
wait_for_completion+0x96 at ffffffff9c7d7646 #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at
ffffffffc0944dc6 [ib_ipoib] #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7
[ib_ipoib] #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib] #7 [ff
---truncated--- (CVE-2023-52587)
- In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page
during block migration It needs to add missing gcing flag on page during block migration, in order to
garantee migrated data be persisted during checkpoint, otherwise out-of-order persistency between data and
node may cause data corruption after SPOR. Similar issue was fixed by commit 2d1fe8a86bf5 (f2fs: fix to
tag gcing flag on page during file defragment). (CVE-2023-52588)
- In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race
issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently
assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is not the
case, as the interrupt handler can already be running, which would lead to the ISP being disabled while
the interrupt handler handling a captured frame. This brings up two issues: 1) the ISP could be powered
off while the interrupt handler is still running and accessing registers, leading to board lockup, and 2)
the interrupt handler code and the code that disables the streaming might do things that conflict. It is
not clear to me if 2) causes a real issue, but 1) can be seen with a suitable delay (or printk in my case)
in the interrupt handler, leading to board lockup. (CVE-2023-52589)
- In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer
dereference in wfx_set_mfp_ap() Since 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()' should
check the return value before examining skb data. So convert the latter to return an appropriate error
code and propagate it to return from 'wfx_start_ap()' as well. Compile tested only. (CVE-2023-52593)
- In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-
index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in
ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger
than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but
there is no bug handling code after the check. Make the function return if that is the case. Found by a
modified version of syzkaller. UBSAN: array-index-out-of-bounds in htc_drv_txrx.c index 13 is out of range
for type '__wmi_event_txstatus [12]' Call Trace: ath9k_htc_txstatus ath9k_wmi_event_tasklet
tasklet_action_common __do_softirq irq_exit_rxu sysvec_apic_timer_interrupt (CVE-2023-52594)
- In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue
when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced
to stop in hardware interface. However, mac80211 will not automatically stop the queue. If we don't
manually stop the beacon queue, the queue will be deadlocked and unable to start again. This patch fixes
the issue where Apple devices cannot connect to the AP after calling ieee80211_restart_hw().
(CVE-2023-52595)
- In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register
kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The
new value is tested for validity by temporarily loading it into the fpc register. This may lead to
corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily
loaded into the fpc register, and within interrupt context floating point or vector registers are used,
the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be
loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space /
host process fpc register value, however it will be discarded, when returning to user space. In result the
host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu.
Fix this by simply removing the test. There is another test right before the SIE context is entered which
will handles invalid values. This results in a change of behaviour: invalid values will now be accepted
instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is
most likely not used anymore, and this is in addition the same behaviour implemented with the memory
mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c. (CVE-2023-52597)
- In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc
register correctly If the content of the floating point control (fpc) register of a traced process is
modified with the ptrace interface the new value is tested for validity by temporarily loading it into the
fpc register. This may lead to corruption of the fpc register of the tracing process: if an interrupt
happens while the value is temporarily loaded into the fpc register, and within interrupt context floating
point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming
they belong to user space and will be loaded into fp/vx registers when returning to user space.
test_fp_ctl() restores the original user space fpc register value, however it will be discarded, when
returning to user space. In result the tracer will incorrectly continue to run with the value that was
supposed to be used for the traced process. Fix this by saving fpu register contents with save_fpu_regs()
before using test_fp_ctl(). (CVE-2023-52598)
- In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in
diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out
of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted
6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 Hardware name: Google Google Compute Engine/Google Compute
Engine, BIOS Google 11/10/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360
diAllocExt fs/jfs/jfs_imap.c:1949 [inline] diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666
diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xb90
fs/jfs/namei.c:225 vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106 do_mkdirat+0x264/0x3a0 fs/namei.c:4129
__do_sys_mkdir fs/namei.c:4149 [inline] __se_sys_mkdir fs/namei.c:4147 [inline] __x64_sys_mkdir+0x6e/0x80
fs/namei.c:4147 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x110
arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7fcb7e6a0b57 Code: ff ff
77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53
00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP:
002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX:
00000000ffffffff RCX: 00007fcb7e6a0b57 RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140
RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11:
0000000000000286 R12: 00007ffd830230d0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[Analysis] When the agstart is too large, it can cause agno overflow. [Fix] After obtaining agno, if the
value is invalid, exit the subsequent process. Modified the test from agno > MAXAG to agno >= MAXAG based
on linux-next report by kernel test robot (Dan Carpenter). (CVE-2023-52599)
- In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When
the execution of diMount(ipimap) fails, the object ipimap that has been released may be accessed in
diFreeSpecial(). Asynchronous ipimap release occurs when rcu_core() calls jfs_free_node(). Therefore, when
diMount(ipimap) fails, sbi->ipimap should not be initialized as ipimap. (CVE-2023-52600)
- In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in
dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add
the required check added the bool is_ctl which is required to determine the size as suggest in the
following commit. https://lore.kernel.org/linux-kernel-
mentees/[email protected]/ (CVE-2023-52601)
- In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in
dtSearch Currently while searching for current page in the sorted entry table of the page there is a out
of bound access. Added a bound check to fix the error. Dave: Set return code to -EIO (CVE-2023-52602)
- In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in
dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN:
array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9 index -2 is out of range for type 'struct dtslot
[128]' CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0 Hardware
name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: <TASK>
__dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 ubsan_epilogue
lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283 dtSplitRoot+0x8d8/0x1900
fs/jfs/jfs_dtree.c:1971 dtSplitUp fs/jfs/jfs_dtree.c:985 [inline] dtInsert+0x1189/0x6b80
fs/jfs/jfs_dtree.c:863 jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270 vfs_mkdir+0x3b3/0x590 fs/namei.c:4013
do_mkdirat+0x279/0x550 fs/namei.c:4038 __do_sys_mkdirat fs/namei.c:4053 [inline] __se_sys_mkdirat
fs/namei.c:4051 [inline] __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051 do_syscall_x64
arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fcdc0113fd9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00
00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0
ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246
ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9 RDX:
0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 RBP: 00007fcdc00d37a0 R08: 0000000000000000
R09: 00007fcdc00d37a0 R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000 R13:
0000000000000000 R14: 00083878000000f8 R15: 0000000000000000 </TASK> The issue is caused when the value of
fsi becomes less than -1. The check to break the loop when fsi value becomes -1 is present but syzbot was
able to produce value less than -1 which cause the error. This patch simply add the change for the values
less than 0. The patch is tested via syzbot. (CVE-2023-52603)
- In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds
in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in
fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1
PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute
Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88
[inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap
fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50
fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20
arch/x86/entry/entry_64.S:304 </TASK>
================================================================================ Kernel panic - not
syncing: UBSAN: panic_on_warn set ... CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace:
<TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
panic+0x30f/0x770 kernel/panic.c:340 check_panic_on_warn+0x82/0xa0 kernel/panic.c:236 ubsan_epilogue
lib/ubsan.c:223 [inline] __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0
fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0
fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit
fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370
kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20
arch/x86/entry/entry_64.S:304 </TASK> Kernel Offset: disabled Rebooting in 86400 seconds.. The issue is
caused when the value of lp becomes greater than CTLTREESIZE which is the max size of stree. Adding a
simple check solves this issue. Dave: As the function returns a void, good error handling would require a
more intrusive code reorganization, so I modified Osama's patch at use WARN_ON_ONCE for lack of a cleaner
option. The patch is tested via syzbot. (CVE-2023-52604)
- In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector
operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being
emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to
validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel
stack corruption. (CVE-2023-52606)
- In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer
dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can
be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.
(CVE-2023-52607)
- In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected
pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared,
causing a crash when referencing the field when the structure was released. Initially, this issue was
ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will
be triggered when calculating the Za value for SM2 separately. (CVE-2023-52616)
- In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release()
crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The
call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove().
Otherwise the last ref would vanish with the trailing put_device(), just before return. At that later
point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev
reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a
fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev
pointer. Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the
stdev->pdev ref is now optional, but may prevent future accidents. Reproducible via the script at
https://lore.kernel.org/r/[email protected] (CVE-2023-52617)
- In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely
string overflow Since dev_search_path can technically be as large as PATH_MAX, there was a risk of
truncation when copying it and a second string into full_path since it was also PATH_MAX sized. The W=1
builds were reporting this warning: drivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':
drivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254
bytes into a region of size between 0 and 4095 [-Wformat-truncation=] 616 | snprintf(full_path, PATH_MAX,
%s/%s, | ^~ In function 'rnbd_srv_get_full_path', inlined from 'process_msg_open.isra' at
drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output
between 2 and 4351 bytes into a destination of size 4096 616 | snprintf(full_path, PATH_MAX, %s/%s, |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 617 | dev_search_path, dev_name); | ~~~~~~~~~~~~~~~~~~~~~~~~~~ To
fix this, unconditionally check for truncation (as was already done for the case where %SESSNAME% was
present). (CVE-2023-52618)
- In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting
number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the
zone size will become an odd number. The address of the zone will become: addr of zone0 = BASE addr of
zone1 = BASE + zone_size addr of zone2 = BASE + zone_size*2 ... The address of zone1/3/5/7 will be mapped
to non-alignment va. Eventually crashes will occur when accessing these va. So, use ALIGN_DOWN() to make
sure the zone size is even to avoid this bug. (CVE-2023-52619)
- In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout
for anonymous sets Never used from userspace, disallow these parameters. (CVE-2023-52620)
- In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held()
before calling bpf map helpers These three bpf_map_{lookup,update,delete}_elem() helpers are also
available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,
otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under
interpreter mode (aka bpf_jit_enable=0): WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ...... CPU:
3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
...... RIP: 0010:bpf_map_lookup_elem+0x54/0x60 ...... Call Trace: <TASK> ? __warn+0xa5/0x240 ?
bpf_map_lookup_elem+0x54/0x60 ? report_bug+0x1ba/0x1f0 ? handle_bug+0x40/0x80 ? exc_invalid_op+0x18/0x50 ?
asm_exc_invalid_op+0x1b/0x20 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ?
rcu_lockdep_current_cpu_online+0x65/0xb0 ? rcu_is_watching+0x23/0x50 ? bpf_map_lookup_elem+0x54/0x60 ?
__pfx_bpf_map_lookup_elem+0x10/0x10 ___bpf_prog_run+0x513/0x3b70 __bpf_prog_run32+0x9d/0xd0 ?
__bpf_prog_enter_sleepable_recur+0xad/0x120 ? __bpf_prog_enter_sleepable_recur+0x3e/0x120
bpf_trampoline_6442580665+0x4d/0x1000 __x64_sys_getpgid+0x5/0x30 ? do_syscall_64+0x36/0xb0
entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK> (CVE-2023-52621)
- In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures
due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4
-F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered:
================================================================== WARNING: CPU: 0 PID: 427 at
mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2fs
Tainted: G E 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Call Trace: <TASK>
__kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80
__ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90
================================================================== This is because flexbg_size is too
large and the size of the new_group_data array to be allocated exceeds MAX_ORDER. Currently, the minimum
value of MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding maximum number of
groups that can be allocated is: (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) 21845 And
the value that is down-aligned to the power of 2 is 16384. Therefore, this value is defined as
MAX_RESIZE_BG, and the number of groups added each time does not exceed this value during resizing, and is
added multiple times to complete the online resizing. The difference is that the metadata in a flex_bg may
be more dispersed. (CVE-2023-52622)
- In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage
warning I received the following warning while running cthon against an ontap server running pNFS: [
57.202521] ============================= [ 57.202522] WARNING: suspicious RCU usage [ 57.202523]
6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted [ 57.202525] ----------------------------- [ 57.202525]
net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!! [ 57.202527] other info that
might help us debug this: [ 57.202528] rcu_scheduler_active = 2, debug_locks = 1 [ 57.202529] no locks
held by test5/3567. [ 57.202530] stack backtrace: [ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted
6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e [ 57.202534] Hardware name: QEMU
Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022 [ 57.202536] Call Trace: [ 57.202537] <TASK> [
57.202540] dump_stack_lvl+0x77/0xb0 [ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0 [ 57.202556]
rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202596]
rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202621]
? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202646]
rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202671] ?
__pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [
57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202728]
? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202754]
nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a] [
57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files
e3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4
c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs
6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs
6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs
6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs
6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202866] write_cache_pages+0x265/0x450 [ 57.202870] ?
__pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202891]
nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202913]
do_writepages+0xd2/0x230 [ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80 [ 57.202921]
filemap_fdatawrite_wbc+0x67/0x80 [ 57.202924] filemap_write_and_wait_range+0xd9/0x170 [ 57.202930]
nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202947]
nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202969]
__se_sys_close+0x46/0xd0 [ 57.202972] do_syscall_64+0x68/0x100 [ 57.202975] ? do_syscall_64+0x77/0x100 [
57.202976] ? do_syscall_64+0x77/0x100 [ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 57.202982]
RIP: 0033:0x7fe2b12e4a94 [ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00
90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83
ec 18 89 7c 24 0c e8 c3 [ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX:
0000000000000003 [ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94 [
57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003 [ 57.202992] RBP:
00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49 [ 57.202993] R10: 00007f ---truncated---
(CVE-2023-52623)
- In the Linux kernel, the following vulnerability has been resolved: blk-iocost: Fix an UBSAN shift-out-of-
bounds warning When iocg_kick_delay() is called from a CPU different than the one which set the delay,
@now may be in the past of @iocg->delay_at leading to the following warning: UBSAN: shift-out-of-bounds in
block/blk-iocost.c:1359:23 shift exponent 18446744073709 is too large for 64-bit type 'u64' (aka 'unsigned
long long') ... Call Trace: <TASK> dump_stack_lvl+0x79/0xc0 __ubsan_handle_shift_out_of_bounds+0x2ab/0x300
iocg_kick_delay+0x222/0x230 ioc_rqos_merge+0x1d7/0x2c0 __rq_qos_merge+0x2c/0x80
bio_attempt_back_merge+0x83/0x190 blk_attempt_plug_merge+0x101/0x150 blk_mq_submit_bio+0x2b1/0x720
submit_bio_noacct_nocheck+0x320/0x3e0 __swap_writepage+0x2ab/0x9d0 The underflow itself doesn't really
affect the behavior in any meaningful way; however, the past timestamp may exaggerate the delay amount
calculated later in the code, which shouldn't be a material problem given the nature of the delay
mechanism. If @now is in the past, this CPU is racing another CPU which recently set up the delay and
there's nothing this CPU can contribute w.r.t. the delay. Let's bail early from iocg_kick_delay() in such
cases. (CVE-2023-52630)
- In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug
The issue here is when this is called from ntfs_load_attr_list(). The size comes from
le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32bit systems the + 1023
can overflow and the result is zero. This means that the kmalloc will succeed by returning the
ZERO_SIZE_PTR and then the memcpy() will crash with an Oops on the next line. (CVE-2023-52631)
- In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency
warning with srcu ====================================================== WARNING: possible circular
locking dependency detected 6.5.0-kfd-yangp #2289 Not tainted
------------------------------------------------------ kworker/0:2/996 is trying to acquire lock:
(srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0 but task is already holding lock:
((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at: process_one_work+0x211/0x560 which lock
already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3
((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}: __flush_work+0x88/0x4f0
svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu] svm_range_set_attr+0xd6/0x14c0 [amdgpu]
kfd_ioctl+0x1d1/0x630 [amdgpu] __x64_sys_ioctl+0x88/0xc0 -> #2 (&info->lock#2){+.+.}-{3:3}:
__mutex_lock+0x99/0xc70 amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu]
restore_process_helper+0x22/0x80 [amdgpu] restore_process_worker+0x2d/0xa0 [amdgpu]
process_one_work+0x29b/0x560 worker_thread+0x3d/0x3d0 -> #1
((work_completion)(&(&process->restore_work)->work)){+.+.}-{0:0}: __flush_work+0x88/0x4f0
__cancel_work_timer+0x12c/0x1c0 kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]
__mmu_notifier_release+0xad/0x240 exit_mmap+0x6a/0x3a0 mmput+0x6a/0x120 do_exit+0x322/0xb90
do_group_exit+0x37/0xa0 __x64_sys_exit_group+0x18/0x20 do_syscall_64+0x38/0x80 -> #0 (srcu){.+.+}-{0:0}:
__lock_acquire+0x1521/0x2510 lock_sync+0x5f/0x90 __synchronize_srcu+0x4f/0x1a0
__mmu_notifier_release+0x128/0x240 exit_mmap+0x6a/0x3a0 mmput+0x6a/0x120
svm_range_deferred_list_work+0x19f/0x350 [amdgpu] process_one_work+0x29b/0x560 worker_thread+0x3d/0x3d0
other info that might help us debug this: Chain exists of: srcu --> &info->lock#2 -->
(work_completion)(&svms->deferred_list_work) Possible unsafe locking scenario: CPU0 CPU1 ---- ----
lock((work_completion)(&svms->deferred_list_work)); lock(&info->lock#2);
lock((work_completion)(&svms->deferred_list_work)); sync(srcu); (CVE-2023-52632)
- In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption
In 'basic' time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at
arbitrary points in time, i.e. while in timer_read(), which pushes time forward just a little bit. Then,
if we happen to get the interrupt after calculating the new time to push to, but before actually finishing
that, the interrupt will set the time to a value that's incompatible with the forward, and we'll crash
because time goes backwards when we do the forwarding. Fix this by reading the time_travel_time,
calculating the adjustment, and doing the adjustment all with interrupts disabled. (CVE-2023-52633)
- In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize
devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result
in timer list corruption where timer cancel being done from two place one from cancel_delayed_work_sync()
and followed by expire_timers() can be seen from the traces[1]. while true do echo simple_ondemand >
/sys/class/devfreq/1d84000.ufshc/governor echo performance > /sys/class/devfreq/1d84000.ufshc/governor
done It looks to be issue with devfreq driver where device_monitor_[start/stop] need to synchronized so
that delayed work should get corrupted while it is either being queued or running or being cancelled.
Let's use polling flag and devfreq lock to synchronize the queueing the timer instance twice and work data
being corrupted. [1] ... .. <idle>-0 [003] 9436.209662: timer_cancel timer=0xffffff80444f0428 <idle>-0
[003] 9436.209664: timer_expire_entry timer=0xffffff80444f0428 now=0x10022da1c
function=__typeid__ZTSFvP10timer_listE_global_addr baseclk=0x10022da1c <idle>-0 [003] 9436.209718:
timer_expire_exit timer=0xffffff80444f0428 kworker/u16:6-14217 [003] 9436.209863: timer_start
timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2b
now=0x10022da1c flags=182452227 vendor.xxxyyy.ha-1593 [004] 9436.209888: timer_cancel
timer=0xffffff80444f0428 vendor.xxxyyy.ha-1593 [004] 9436.216390: timer_init timer=0xffffff80444f0428
vendor.xxxyyy.ha-1593 [004] 9436.216392: timer_start timer=0xffffff80444f0428
function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2c now=0x10022da1d flags=186646532
vendor.xxxyyy.ha-1593 [005] 9436.220992: timer_cancel timer=0xffffff80444f0428 xxxyyyTraceManag-7795 [004]
9436.261641: timer_cancel timer=0xffffff80444f0428 [2] 9436.261653][ C4] Unable to handle kernel paging
request at virtual address dead00000000012a [ 9436.261664][ C4] Mem abort info: [ 9436.261666][ C4] ESR =
0x96000044 [ 9436.261669][ C4] EC = 0x25: DABT (current EL), IL = 32 bits [ 9436.261671][ C4] SET = 0, FnV
= 0 [ 9436.261673][ C4] EA = 0, S1PTW = 0 [ 9436.261675][ C4] Data abort info: [ 9436.261677][ C4] ISV =
0, ISS = 0x00000044 [ 9436.261680][ C4] CM = 0, WnR = 1 [ 9436.261682][ C4] [dead00000000012a] address
between user and kernel address ranges [ 9436.261685][ C4] Internal error: Oops: 96000044 [#1] PREEMPT SMP
[ 9436.261701][ C4] Skip md ftrace buffer dump for: 0x3a982d0 ... [ 9436.262138][ C4] CPU: 4 PID: 7795
Comm: TraceManag Tainted: G S W O 5.10.149-android12-9-o-g17f915d29d0c #1 [ 9436.262141][ C4] Hardware
name: Qualcomm Technologies, Inc. (DT) [ 9436.262144][ C4] pstate: 22400085 (nzCv daIf +PAN -UAO +TCO
BTYPE=--) [ 9436.262161][ C4] pc : expire_timers+0x9c/0x438 [ 9436.262164][ C4] lr :
expire_timers+0x2a4/0x438 [ 9436.262168][ C4] sp : ffffffc010023dd0 [ 9436.262171][ C4] x29:
ffffffc010023df0 x28: ffffffd0636fdc18 [ 9436.262178][ C4] x27: ffffffd063569dd0 x26: ffffffd063536008 [
9436.262182][ C4] x25: 0000000000000001 x24: ffffff88f7c69280 [ 9436.262185][ C4] x23: 00000000000000e0
x22: dead000000000122 [ 9436.262188][ C4] x21: 000000010022da29 x20: ffffff8af72b4e80 [ 9436.262191][ C4]
x19: ffffffc010023e50 x18: ffffffc010025038 [ 9436.262195][ C4] x17: 0000000000000240 x16:
0000000000000201 [ 9436.262199][ C4] x15: ffffffffffffffff x14: ffffff889f3c3100 [ 9436.262203][ C4] x13:
ffffff889f3c3100 x12: 00000000049f56b8 [ 9436.262207][ C4] x11: 00000000049f56b8 x10: 00000000ffffffff [
9436.262212][ C4] x9 : ffffffc010023e50 x8 : dead000000000122 [ 9436.262216][ C4] x7 : ffffffffffffffff x6
: ffffffc0100239d8 [ 9436.262220][ C4] x5 : 0000000000000000 x4 : 0000000000000101 [ 9436.262223][ C4] x3
: 0000000000000080 x2 : ffffff8 ---truncated--- (CVE-2023-52635)
- In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in
j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent UAF when setsockopt(...,
SO_J1939_FILTER, ...) modifies jsk->filters while receiving packets. Following trace was seen on affected
system: ================================================================== BUG: KASAN: slab-use-after-free
in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] Read of size 4 at addr ffff888012144014 by task
j1939/350 CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX
+ PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: print_report+0xd3/0x620 ?
kasan_complete_mode_report_info+0x7d/0x200 ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
kasan_report+0xc2/0x100 ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] __asan_load4+0x84/0xb0
j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] j1939_sk_recv+0x20b/0x320 [can_j1939] ?
__kasan_check_write+0x18/0x20 ? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939] ? j1939_simple_recv+0x69/0x280
[can_j1939] ? j1939_ac_recv+0x5e/0x310 [can_j1939] j1939_can_recv+0x43f/0x580 [can_j1939] ?
__pfx_j1939_can_recv+0x10/0x10 [can_j1939] ? raw_rcv+0x42/0x3c0 [can_raw] ? __pfx_j1939_can_recv+0x10/0x10
[can_j1939] can_rcv_filter+0x11f/0x350 [can] can_receive+0x12f/0x190 [can] ? __pfx_can_rcv+0x10/0x10 [can]
can_rcv+0xdd/0x130 [can] ? __pfx_can_rcv+0x10/0x10 [can] __netif_receive_skb_one_core+0x13d/0x150 ?
__pfx___netif_receive_skb_one_core+0x10/0x10 ? __kasan_check_write+0x18/0x20 ?
_raw_spin_lock_irq+0x8c/0xe0 __netif_receive_skb+0x23/0xb0 process_backlog+0x107/0x260
__napi_poll+0x69/0x310 net_rx_action+0x2a1/0x580 ? __pfx_net_rx_action+0x10/0x10 ?
__pfx__raw_spin_lock+0x10/0x10 ? handle_irq_event+0x7d/0xa0 __do_softirq+0xf3/0x3f8 do_softirq+0x53/0x80
</IRQ> <TASK> __local_bh_enable_ip+0x6e/0x70 netif_rx+0x16b/0x180 can_send+0x32b/0x520 [can] ?
__pfx_can_send+0x10/0x10 [can] ? __check_object_size+0x299/0x410 raw_sendmsg+0x572/0x6d0 [can_raw] ?
__pfx_raw_sendmsg+0x10/0x10 [can_raw] ? apparmor_socket_sendmsg+0x2f/0x40 ? __pfx_raw_sendmsg+0x10/0x10
[can_raw] sock_sendmsg+0xef/0x100 sock_write_iter+0x162/0x220 ? __pfx_sock_write_iter+0x10/0x10 ?
__rtnl_unlock+0x47/0x80 ? security_file_permission+0x54/0x320 vfs_write+0x6ba/0x750 ?
__pfx_vfs_write+0x10/0x10 ? __fget_light+0x1ca/0x1f0 ? __rcu_read_unlock+0x5b/0x280 ksys_write+0x143/0x170
? __pfx_ksys_write+0x10/0x10 ? __kasan_check_read+0x15/0x20 ? fpregs_assert_state_consistent+0x62/0x70
__x64_sys_write+0x47/0x60 do_syscall_64+0x60/0x90 ? do_syscall_64+0x6d/0x90 ? irqentry_exit+0x3f/0x50 ?
exc_page_fault+0x79/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Allocated by task 348:
kasan_save_stack+0x2a/0x50 kasan_set_track+0x29/0x40 kasan_save_alloc_info+0x1f/0x30
__kasan_kmalloc+0xb5/0xc0 __kmalloc_node_track_caller+0x67/0x160 j1939_sk_setsockopt+0x284/0x450
[can_j1939] __sys_setsockopt+0x15c/0x2f0 __x64_sys_setsockopt+0x6b/0x80 do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Freed by task 349: kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40 kasan_save_free_info+0x2f/0x50 __kasan_slab_free+0x12e/0x1c0
__kmem_cache_free+0x1b9/0x380 kfree+0x7a/0x120 j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0 __x64_sys_setsockopt+0x6b/0x80 do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8 (CVE-2023-52637)
- In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by
changing j1939_socks_lock to rwlock The following 3 locks would race against each other, causing the
deadlock situation in the Syzbot bug report: - j1939_socks_lock - active_session_list_lock -
sk_session_queue_lock A reasonable fix is to change j1939_socks_lock to an rwlock, since in the rare
situations where a write lock is required for the linked list that j1939_socks_lock is protecting, the
code does not attempt to acquire any more locks. This would break the circular lock dependency, where, for
example, the current thread already locks j1939_socks_lock and attempts to acquire sk_session_queue_lock,
and at the same time, another thread attempts to acquire j1939_socks_lock while holding
sk_session_queue_lock. NOTE: This patch along does not fix the unregister_netdevice bug reported by
Syzbot; instead, it solves a deadlock situation to prepare for one or more further patches to actually fix
the Syzbot bug, which appears to be a reference counting problem within the j1939 codebase. [mkl: remove
unrelated newline change] (CVE-2023-52638)
- In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during
shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier
resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation: static int
acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap =
gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private =
vcpu->kvm; Let children inherit the private field of the parent. (CVE-2023-52639)
- In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfs_listxattr
The length of name cannot exceed the space occupied by ea. (CVE-2023-52640)
- In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference
checking at the end of attr_allocate_frame() It is preferable to exit through the out: label because
internal debugging functions are located there. (CVE-2023-52641)
- A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function
improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing
between the free on the struct and the access through the `skbtxq` global queue. This could lead to a
denial of service condition or potential code execution. (CVE-2023-6270)
- A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in
drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a
denial of service. (CVE-2023-7042)
- A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not
properly initialize memory in messages passed between virtual guests and the host operating system in the
vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel
memory contents when reading from the /dev/vhost-net device file. (CVE-2024-0340)
- A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel
hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or
potentially escalate their privileges on the system. (CVE-2024-0841)
- A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a
recursive operation of code push recursively calls into the code block. The OVS module does not validate
the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a
crash or other related issues. (CVE-2024-1151)
- NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth
modules) allows Overflow Buffers. This vulnerability is associated with program files
/net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. (CVE-2024-22099)
- In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion
failure and crash because a subvolume can be read out too soon after its root item is inserted upon
subvolume creation. (CVE-2024-23850)
- copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than
INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to
ctl_ioctl. (CVE-2024-23851)
- A race condition was found in the Linux kernel's net/bluetooth device driver in
conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to
bluetooth connection abnormality or denial of service. (CVE-2024-24857)
- A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set()
function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial
of service. (CVE-2024-24858)
- In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end
interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just
added in this transactions, skip end interval elements that are not yet active. (CVE-2024-26581)
- In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with
partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so
the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when
we try to read from the partially-read skb. (CVE-2024-26582)
- In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and
socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto
handler calls complete() so any code past that point risks touching already freed data. Try to avoid the
locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend
solely on the atomic ref counter for synchronization. Don't futz with reiniting the completion, either, we
are now tightly controlling when completion fires. (CVE-2024-26583)
- In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto
requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API,
crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example,
when the cryptd queue for AESNI is full (easy to trigger with an artificially low
cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case,
the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just
ignore, then with err == 0. Compared to Sabrina's original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the
error handling paths. The handling is identical. (CVE-2024-26584)
- In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work
scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit
as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling
complete(). This seems more logical in the first place, as it's the inverse order of what the submitting
thread will do. (CVE-2024-26585)
- In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack
corruption When tc filters are first added to a net device, the corresponding local port gets bound to an
ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a different TCAM
region where the filters are stored. During forwarding, the ACLs are sequentially evaluated until a match
is found. One reason to place filters in different regions is when they are added with decreasing
priorities and in an alternating order so that two consecutive filters can never fit in the same region
because of their key usage. In Spectrum-2 and newer ASICs the firmware started to report that the maximum
number of ACLs in a group is more than 16, but the layout of the register that configures ACL groups
(PAGT) was not updated to account for that. It is therefore possible to hit stack corruption [1] in the
rare case where more than 16 ACLs in a group are required. Fix by limiting the maximum ACL group size to
the minimum between what the firmware reports and the maximum ACLs that fit in the PAGT register. Add a
test case to make sure the machine does not crash when this condition is hit. [1] Kernel panic - not
syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120 [...]
dump_stack_lvl+0x36/0x50 panic+0x305/0x330 __stack_chk_fail+0x15/0x20
mlxsw_sp_acl_tcam_group_update+0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110
mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0
mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0
fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90
rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390
netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0
do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b (CVE-2024-26586)
- In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file
compression format EROFS can select compression algorithms on a per-file basis, and each per-file
compression algorithm needs to be marked in the on-disk superblock for initialization. However, syzkaller
can generate inconsistent crafted images that use an unsupported algorithmtype for specific inodes, e.g.
use MicroLZMA algorithmtype even it's not set in `sbi->available_compr_algs`. This can lead to an
unexpected BUG: kernel NULL pointer dereference if the corresponding decompressor isn't built-in. Fix
this by checking against `sbi->available_compr_algs` for each m_algorithmformat request. Incorrect
!erofs_sb_has_compr_cfgs preset bitmap is now fixed together since it was harmless previously.
(CVE-2024-26590)
- In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call
transactions According to the Intel datasheets, software must reset the block buffer index twice for block
process call transactions: once before writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer. The driver is currently missing the second reset, causing the
wrong portion of the block buffer to be read. (CVE-2024-26593)
- In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL
pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement
send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a
wakeup for example: configfs-gadget.g1 gadget.0: ECM Suspend configfs-gadget.g1 gadget.0: Port suspended.
Triggering wakeup ... Unable to handle kernel NULL pointer dereference at virtual address 00000000 when
execute ... PC is at 0x0 LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc] ... musb_gadget_wakeup
[musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core] usb_gadget_wakeup [udc_core] from
eth_start_xmit+0x3b0/0x3d4 [u_ether] eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c
dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4 sch_direct_xmit from __dev_queue_xmit+0x334/0xd88
__dev_queue_xmit from arp_solicit+0xf0/0x268 arp_solicit from neigh_probe+0x54/0x7c neigh_probe from
__neigh_event_send+0x22c/0x47c __neigh_event_send from neigh_resolve_output+0x14c/0x1c0
neigh_resolve_output from ip_finish_output2+0x1c8/0x628 ip_finish_output2 from ip_send_skb+0x40/0xd8
ip_send_skb from udp_send_skb+0x124/0x340 udp_send_skb from udp_sendmsg+0x780/0x984 udp_sendmsg from
__sys_sendto+0xd8/0x158 __sys_sendto from ret_fast_syscall+0x0/0x58 Let's fix the issue by checking for
send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL.
(CVE-2024-26600)
- In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block
freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd (ext4: remove redundant
mb_regenerate_buddy()) and reintroduces mb_regenerate_buddy(). Based on code in mb_free_blocks(), fast
commit replay can end up marking as free blocks that are already marked as such. This causes corruption of
the buddy bitmap so we need to regenerate it in that case. (CVE-2024-26601)
- In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability
to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall
slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the
ability for this to be called at too high of a frequency and saturate the machine. (CVE-2024-26602)
- In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for
info to fault in xsave buffer Before this change, the expected size of the user space buffer was taken
from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible construct a
sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in
fx_sw->xfeatures. * user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer
required by xrstor is accessible. In this case, xrstor tries to restore and accesses the unmapped area
which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the
still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever. Instead,
fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size). [ dhansen: tweak
subject / changelog ] (CVE-2024-26603)
- In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-
work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption.
Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make
use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads
are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an
event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as
the thread has pending work. (CVE-2024-26606)
- In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force huge page
alignment on 32 bit commit efa7df3e3bb5 (mm: align larger anonymous mappings on THP boundaries) caused
two issues [1] [2] reported on 32 bit system or compat userspace. It doesn't make too much sense to force
huge page alignment on 32 bit system due to the constrained virtual address space. [1]
https://lore.kernel.org/linux-mm/[email protected]/ [2]
https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/
(CVE-2024-26621)
- In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in
tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is
requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write()
requests can cause use-after-free-write and double-free problems. (CVE-2024-26622)
- In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release
time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket.
In commit ff7b11aa481f (net: socket: set sock->sk to NULL after calling proto_ops::release()) Eric
Biggers hinted that some protocols are missing a sock_orphan(), we need to perform a full audit. In net-
next, I plan to clear sock->sk from sock_orphan() and amend Eric patch to add a warning. [1] BUG: KASAN:
slab-use-after-free in list_empty include/linux/list.h:373 [inline] BUG: KASAN: slab-use-after-free in
waitqueue_active include/linux/wait.h:127 [inline] BUG: KASAN: slab-use-after-free in
sock_def_write_space_wfree net/core/sock.c:3384 [inline] BUG: KASAN: slab-use-after-free in
sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27
CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0 Hardware name:
QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK>
__dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488
kasan_report+0xda/0x110 mm/kasan/report.c:601 list_empty include/linux/list.h:373 [inline]
waitqueue_active include/linux/wait.h:127 [inline] sock_def_write_space_wfree net/core/sock.c:3384
[inline] sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 skb_release_head_state+0xa3/0x2b0
net/core/skbuff.c:1080 skb_release_all net/core/skbuff.c:1092 [inline] napi_consume_skb+0x119/0x2b0
net/core/skbuff.c:1404 e1000_unmap_and_free_tx_resource+0x144/0x200
drivers/net/ethernet/intel/e1000/e1000_main.c:1970 e1000_clean_tx_irq
drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline] e1000_clean+0x4a1/0x26e0
drivers/net/ethernet/intel/e1000/e1000_main.c:3801 __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline] net_rx_action+0x956/0xe90 net/core/dev.c:6778
__do_softirq+0x21a/0x8de kernel/softirq.c:553 run_ksoftirqd kernel/softirq.c:921 [inline]
run_ksoftirqd+0x31/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164
kthread+0x2c6/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 </TASK> Allocated by task 5167:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340
kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline]
slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879 alloc_inode_sb
include/linux/fs.h:3019 [inline] sock_alloc_inode+0x25/0x1c0 net/socket.c:308 alloc_inode+0x5d/0x220
fs/inode.c:260 new_inode_pseudo+0x16/0x80 fs/inode.c:1005 sock_alloc+0x40/0x270 net/socket.c:634
__sock_create+0xbc/0x800 net/socket.c:1535 sock_create net/socket.c:1622 [inline] __sys_socket_create
net/socket.c:1659 [inline] __sys_socket+0x14c/0x260 net/socket.c:1706 __do_sys_socket net/socket.c:1720
[inline] __se_sys_socket net/socket.c:1718 [inline] __x64_sys_socket+0x72/0xb0 net/socket.c:1718
do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b Freed by task 0: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257
kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inlin ---truncated---
(CVE-2024-26625)
- In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding
mcast packets The stacktrace was: [ 86.305548] BUG: kernel NULL pointer dereference, address:
0000000000000092 [ 86.306815] #PF: supervisor read access in kernel mode [ 86.307717] #PF:
error_code(0x0000) - not-present page [ 86.308624] PGD 0 P4D 0 [ 86.309091] Oops: 0000 [#1] PREEMPT SMP
NOPTI [ 86.309883] CPU: 2 PID: 3139 Comm: pimd Tainted: G U 6.8.0-6wind-knet #1 [ 86.311027] Hardware
name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org
04/01/2014 [ 86.312728] RIP: 0010:ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985) [ 86.313399] Code:
f9 1f 0f 87 85 03 00 00 48 8d 04 5b 48 8d 04 83 49 8d 44 c5 00 48 8b 40 70 48 39 c2 0f 84 d9 00 00 00 49
8b 46 58 48 83 e0 fe <80> b8 92 00 00 00 00 0f 84 55 ff ff ff 49 83 47 38 01 45 85 e4 0f [ 86.316565] RSP:
0018:ffffad21c0583ae0 EFLAGS: 00010246 [ 86.317497] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
0000000000000000 [ 86.318596] RDX: ffff9559cb46c000 RSI: 0000000000000000 RDI: 0000000000000000 [
86.319627] RBP: ffffad21c0583b30 R08: 0000000000000000 R09: 0000000000000000 [ 86.320650] R10:
0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 86.321672] R13: ffff9559c093a000 R14:
ffff9559cc00b800 R15: ffff9559c09c1d80 [ 86.322873] FS: 00007f85db661980(0000) GS:ffff955a79d00000(0000)
knlGS:0000000000000000 [ 86.324291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.325314] CR2:
0000000000000092 CR3: 000000002f13a000 CR4: 0000000000350ef0 [ 86.326589] Call Trace: [ 86.327036] <TASK>
[ 86.327434] ? show_regs (/build/work/knet/arch/x86/kernel/dumpstack.c:479) [ 86.328049] ? __die
(/build/work/knet/arch/x86/kernel/dumpstack.c:421 /build/work/knet/arch/x86/kernel/dumpstack.c:434) [
86.328508] ? page_fault_oops (/build/work/knet/arch/x86/mm/fault.c:707) [ 86.329107] ? do_user_addr_fault
(/build/work/knet/arch/x86/mm/fault.c:1264) [ 86.329756] ? srso_return_thunk
(/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.330350] ? __irq_work_queue_local
(/build/work/knet/kernel/irq_work.c:111 (discriminator 1)) [ 86.331013] ? exc_page_fault
(/build/work/knet/./arch/x86/include/asm/paravirt.h:693 /build/work/knet/arch/x86/mm/fault.c:1515
/build/work/knet/arch/x86/mm/fault.c:1563) [ 86.331702] ? asm_exc_page_fault
(/build/work/knet/./arch/x86/include/asm/idtentry.h:570) [ 86.332468] ? ip_mr_forward
(/build/work/knet/net/ipv4/ipmr.c:1985) [ 86.333183] ? srso_return_thunk
(/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.333920] ipmr_mfc_add
(/build/work/knet/./include/linux/rcupdate.h:782 /build/work/knet/net/ipv4/ipmr.c:1009
/build/work/knet/net/ipv4/ipmr.c:1273) [ 86.334583] ? __pfx_ipmr_hash_cmp
(/build/work/knet/net/ipv4/ipmr.c:363) [ 86.335357] ip_mroute_setsockopt
(/build/work/knet/net/ipv4/ipmr.c:1470) [ 86.336135] ? srso_return_thunk
(/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.336854] ? ip_mroute_setsockopt
(/build/work/knet/net/ipv4/ipmr.c:1470) [ 86.337679] do_ip_setsockopt
(/build/work/knet/net/ipv4/ip_sockglue.c:944) [ 86.338408] ? __pfx_unix_stream_read_actor
(/build/work/knet/net/unix/af_unix.c:2862) [ 86.339232] ? srso_return_thunk
(/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.339809] ? aa_sk_perm
(/build/work/knet/security/apparmor/include/cred.h:153 /build/work/knet/security/apparmor/net.c:181) [
86.340342] ip_setsockopt (/build/work/knet/net/ipv4/ip_sockglue.c:1415) [ 86.340859] raw_setsockopt
(/build/work/knet/net/ipv4/raw.c:836) [ 86.341408] ? security_socket_setsockopt
(/build/work/knet/security/security.c:4561 (discriminator 13)) [ 86.342116] sock_common_setsockopt
(/build/work/knet/net/core/sock.c:3716) [ 86.342747] do_sock_setsockopt
(/build/work/knet/net/socket.c:2313) [ 86.343363] __sys_setsockopt
(/build/work/knet/./include/linux/file.h:32 /build/work/kn ---truncated--- (CVE-2024-26626)
- In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy() out
of host lock for waking up EH handler Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with
host lock every time for deciding if error handler kthread needs to be waken up. This can be too heavy in
case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each
scsi_host_busy() iterates over (N * M) tag/requests If recovery is triggered in case that all requests are
in-flight, each scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called for the last in-
flight request, scsi_host_busy() has been run for (N * M - 1) times, and request has been iterated for
(N*M - 1) * (N * M) times. If both N and M are big enough, hard lockup can be triggered on acquiring host
lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169). Fix the issue by calling
scsi_host_busy() outside the host lock. We don't need the host lock for getting busy count because host
the lock never covers that. [mkp: Drop unnecessary 'busy' variables pointed out by Bart] (CVE-2024-26627)
- In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test
on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(),
changing that to not sleep. First: harmful. As is documented in the kdoc comment for
nfsd4_release_lockowner(), the test on so_count can transiently return a false positive resulting in a
return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with
the Linux NFS client it can cause incorrect behaviour. If RELEASE_LOCKOWNER is sent while some other
thread is still processing a LOCK request which failed because, at the time that request was received, the
given owner held a conflicting lock, then the nfsd thread processing that LOCK request can hold a
reference (conflock) to the lock owner that causes nfsd4_release_lockowner() to return an incorrect error.
The Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it never sends NFS4_RELEASE_LOCKOWNER
without first releasing any locks, so it knows that the error is impossible. It assumes the lock owner was
in fact released so it feels free to use the same lock owner identifier in some later locking request.
When it does reuse a lock owner identifier for which a previous RELEASE failed, it will naturally use a
lock_seqid of zero. However the server, which didn't release the lock owner, will expect a larger
lock_seqid and so will respond with NFS4ERR_BAD_SEQID. So clearly it is harmful to allow a false positive,
which testing so_count allows. The test is nonsense because ... well... it doesn't mean anything. so_count
is the sum of three different counts. 1/ the set of states listed on so_stateids 2/ the set of active vfs
locks owned by any of those states 3/ various transient counts such as for conflicting locks. When it is
tested against '2' it is clear that one of these is the transient reference obtained by
find_lockowner_str_locked(). It is not clear what the other one is expected to be. In practice, the count
is often 2 because there is precisely one state on so_stateids. If there were more, this would fail. In my
testing I see two circumstances when RELEASE_LOCKOWNER is called. In one case, CLOSE is called before
RELEASE_LOCKOWNER. That results in all the lock states being removed, and so the lockowner being discarded
(it is removed when there are no more references which usually happens when the lock state is discarded).
When nfsd4_release_lockowner() finds that the lock owner doesn't exist, it returns success. The other case
shows an so_count of '2' and precisely one state listed in so_stateid. It appears that the Linux client
uses a separate lock owner for each file resulting in one lock state per lock owner, so this test on '2'
is safe. For another client it might not be safe. So this patch changes check_for_locks() to use the
(newish) find_any_file_locked() so that it doesn't take a reference on the nfs4_file and so never calls
nfsd_file_put(), and so never sleeps. With this check is it safe to restore the use of check_for_locks()
rather than testing so_count against the mysterious '2'. (CVE-2024-26629)
- In the Linux kernel, the following vulnerability has been resolved: mm, kmsan: fix infinite recursion due
to RCU critical section Alexander Potapenko writes in [1]: For every memory access in the code
instrumented by KMSAN we call kmsan_get_metadata() to obtain the metadata for the memory being accessed.
For virtual memory the metadata pointers are stored in the corresponding `struct page`, therefore we need
to call virt_to_page() to get them. According to the comment in arch/x86/include/asm/page.h,
virt_to_page(kaddr) returns a valid pointer iff virt_addr_valid(kaddr) is true, so KMSAN needs to call
virt_addr_valid() as well. To avoid recursion, kmsan_get_metadata() must not call instrumented code,
therefore ./arch/x86/include/asm/kmsan.h forks parts of arch/x86/mm/physaddr.c to check whether a virtual
address is valid or not. But the introduction of rcu_read_lock() to pfn_valid() added instrumented RCU API
calls to virt_to_page_or_null(), which is called by kmsan_get_metadata(), so there is an infinite
recursion now. I do not think it is correct to stop that recursion by doing
kmsan_enter_runtime()/kmsan_exit_runtime() in kmsan_get_metadata(): that would prevent instrumented
functions called from within the runtime from tracking the shadow values, which might introduce false
positives. Fix the issue by switching pfn_valid() to the _sched() variant of rcu_read_lock/unlock(),
which does not require calling into RCU. Given the critical section in pfn_valid() is very small, this is
a reasonable trade-off (with preemptible RCU). KMSAN further needs to be careful to suppress calls into
the scheduler, which would be another source of recursion. This can be done by wrapping the call to
pfn_valid() into preempt_disable/enable_no_resched(). The downside is that this sacrifices breaking
scheduling guarantees; however, a kernel compiled with KMSAN has already given up any performance
guarantees due to being heavily instrumented. Note, KMSAN code already disables tracing via Makefile, and
since mmzone.h is included, it is not necessary to use the notrace variant, which is generally preferred
in all other cases. (CVE-2024-26639)
- In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy
TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This
patch adds to can_map_frag() these additional checks: - Page must not be a compound one. - page->mapping
must be NULL. This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with
sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy. r3 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r4, &(0x7f00000006c0)={0x2,
0x4e24, @empty}, 0x10) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0)
fallocate(r5, 0x0, 0x0, 0x85b8) sendfile(r4, r5, 0x0, 0x8ba0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4,
0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
&(0x7f0000000440)=0x40) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42,
0x0) (CVE-2024-26640)
- In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner
header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call
pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change
skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG:
KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value
in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate
include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0
net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100
net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60
net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK
include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline]
ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline]
ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732
[inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980
drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0
drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497
[inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was
created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0
net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0
drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter
include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200
fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64
arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted
6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 11/17/2023 (CVE-2024-26641)
- In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow
anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. (CVE-2024-26642)
- In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead
when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows
it to collect elements from anonymous sets with timeouts while it is being released from the commit path.
Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts
which is not possible upstream since 7395dfacfff6 (netfilter: nf_tables: use timestamp to check for set
element timeout). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case.
According to 08e4c8c5919f (netfilter: nf_tables: mark newset as dead on transaction abort), Florian
plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag
for abort path too. (CVE-2024-26643)
- In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for
usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to
transfer the error. (CVE-2024-26651)
- In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup
operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work
could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel will be
deallocated. But it could still be dereferenced in the worker thread. The reason is that del_timer() will
return directly regardless of whether the timer handler is running or not and the worker could be
rescheduled in the timer handler. As a result, the UAF bug will happen. The racy situation is shown below:
(Thread 1) | (Thread 2) snd_aicapcm_pcm_close() | ... | run_spu_dma() //worker | mod_timer() flush_work()
| del_timer() | aica_period_elapsed() //timer kfree(dreamcastcard->channel) | schedule_work() |
run_spu_dma() //worker ... | dreamcastcard->channel-> //USE In order to mitigate this bug and other
possible corner cases, call mod_timer() conditionally in run_spu_dma(), then implement PCM sync_stop op to
cancel both the timer and worker. The sync_stop op will be called from PCM core appropriately when needed.
(CVE-2024-26654)
- In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer
Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a
multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes such assumption and
releases the TD, allowing the remaining TRBs to be freed or overwritten by new TDs. The xHC should also
report completion of the final TRB due to its IOC flag being set by us, regardless of prior errors. This
event cannot be recognized if the TD has already been freed earlier, resulting in Transfer event TRB DMA
ptr not part of current TD error message. Fix this by reusing the logic for processing isoc Transaction
Errors. This also handles hosts which fail to report the final completion. Fix transfer length reporting
on Babble errors. They may be caused by device malfunction, no guarantee that the buffer has been filled.
(CVE-2024-26659)
- In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds
check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of
dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the
four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are
0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt
to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior
Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in
an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in
dcn301_stream_encoder_create reported by Smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011
dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5 (CVE-2024-26660)
- In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before
calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]: general
protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] ... RIP:
0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 ... Call Trace: <TASK>
tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646 tipc_nl_bearer_add+0x21e/0x360
net/tipc/bearer.c:1089 genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972
genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline] genl_rcv_msg+0x561/0x800
net/netlink/genetlink.c:1067 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544 genl_rcv+0x28/0x40
net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367 netlink_sendmsg+0x8b7/0xd70
net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180
net/socket.c:745 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584 ___sys_sendmsg+0x135/0x1d0
net/socket.c:2638 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667 do_syscall_x64 arch/x86/entry/common.c:52
[inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b The
cause of this issue is that when tipc_nl_bearer_add() is called with the TIPC_NLA_BEARER_UDP_OPTS
attribute, tipc_udp_nl_bearer_add() is called even if the bearer is not UDP. tipc_udp_is_known_peer()
called by tipc_udp_nl_bearer_add() assumes that the media_ptr field of the tipc_bearer has an udp_bearer
type object, so the function goes crazy for non-UDP bearers. This patch fixes the issue by checking the
bearer type before calling tipc_udp_nl_bearer_add() in tipc_nl_bearer_add(). (CVE-2024-26663)
- In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Fix out-of-bounds
memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be
triggered on systems with more than 128 cores per package. (CVE-2024-26664)
- In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when
building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat,
BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr ffff88811d402c80 by task
netperf/820 CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543 ... kasan_report+0xd8/0x110
do_csum+0x220/0x240 csum_partial+0xc/0x20 skb_tunnel_check_pmtu+0xeb9/0x3280 vxlan_xmit_one+0x14c2/0x4080
vxlan_xmit+0xf61/0x5c00 dev_hard_start_xmit+0xfb/0x510 __dev_queue_xmit+0x7cd/0x32a0
br_dev_queue_push_xmit+0x39d/0x6a0 Use skb_checksum instead of csum_partial who cannot deal with non-
linear SKBs. (CVE-2024-26665)
- In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in
dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 (drm/msm/dpu: reserve cdm blocks for writeback in
case of YUV output) introduced a smatch warning about another conditional block in
dpu_encoder_helper_phys_cleanup() which had assumed hw_pp will always be valid which may not necessarily
be true. Lets fix the other conditional block by making sure hw_pp is valid before dereferencing it.
Patchwork: https://patchwork.freedesktop.org/patch/574878/ (CVE-2024-26667)
- In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap
wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following
blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(),
waitqueue_active() may not observe the added waiter in blk_mq_mark_tag_wait() and wake up nothing,
meantime blk_mq_mark_tag_wait() can't get driver tag successfully. This issue can be reproduced by running
the following test in loop, and fio hang can be observed in < 30min when running it on my test VM in
laptop. modprobe -r scsi_debug modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1
submit_queues=4 dev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 |
xargs basename` fio --filename=/dev/$dev --direct=1 --rw=randrw --bs=4k --iodepth=1 \ --runtime=100
--numjobs=40 --time_based --name=test \ --ioengine=libaio Fix the issue by adding one explicit barrier in
blk_mq_mark_tag_wait(), which is just fine in case of running out of tag. (CVE-2024-26671)
- In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3
and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. -
Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for this object.
(CVE-2024-26673)
- In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot
triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a
similar issue in commit c0a2a1b0d631 (ppp: limit MRU to 64K) Adopt the same sanity check for
ppp_async_ioctl(PPPIOCSMRU) [1]: WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698
mm/page_alloc.c:4543 Modules linked in: CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted
6.8.0-rc2-syzkaller-g41bccc98fb79 #0 Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 11/17/2023 Workqueue: events_unbound flush_to_ldisc pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO
-DIT -SSBS BTYPE=--) pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 lr : __alloc_pages+0xc8/0x698
mm/page_alloc.c:4537 sp : ffff800093967580 x29: ffff800093967660 x28: ffff8000939675a0 x27:
dfff800000000000 x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0 x23: 0000000000000000
x22: 0000000000060820 x21: 1ffff0001272ceb8 x20: ffff8000939675e0 x19: 0000000000000010 x18:
ffff800093967120 x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005 x14: 1ffff0001272cebc
x13: 0000000000000000 x12: 0000000000000000 x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 :
0000000000000001 x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 00000000ffffffff
x4 : 0000000000000000 x3 : 0000000000000020 x2 : 0000000000000008 x1 : 0000000000000000 x0 :
ffff8000939675e0 Call trace: __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 __alloc_pages_node
include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline]
__kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926 __do_kmalloc_node mm/slub.c:3969 [inline]
__kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001 kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
__alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651 __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715
netdev_alloc_skb include/linux/skbuff.h:3235 [inline] dev_alloc_skb include/linux/skbuff.h:3248 [inline]
ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline] ppp_asynctty_receive+0x588/0x186c
drivers/net/ppp/ppp_async.c:341 tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390
tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37 receive_buf drivers/tty/tty_buffer.c:444
[inline] flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494 process_one_work+0x694/0x1204
kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4
kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20
arch/arm64/kernel/entry.S:860 (CVE-2024-26675)
- In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead
unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() with a repro, which creates a
socketpair and sends one socket's fd to itself using the peer. socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4])
= 0 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=\360, iov_len=1}], msg_iovlen=1,
msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[3]}],
msg_controllen=24, msg_flags=0}, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_ZEROCOPY) = 1 This forms a self-cyclic
reference that GC should finally untangle but does not due to lack of MSG_OOB handling, resulting in
memory leak. Recently, commit 11498715f266 (af_unix: Remove io_uring code for GC.) removed io_uring's
dead code in GC and revealed the problem. The code was executed at the final stage of GC and
unconditionally moved all GC candidates from gc_candidates to gc_inflight_list. That papered over the
reported problem by always making the following WARN_ON_ONCE(!list_empty(&gc_candidates)) false. The
problem has been there since commit 2aab4b969002 (af_unix: fix struct pid leaks in OOB support) added
full scm support for MSG_OOB while fixing another bug. To fix this problem, we must call kfree_skb() for
unix_sk(sk)->oob_skb if the socket still exists in gc_candidates after purging collected skb. Then, we
need to set NULL to oob_skb before calling kfree_skb() because it calls last fput() and triggers
unix_release_sock(), where we call duplicate kfree_skb(u->oob_skb) if not NULL. Note that the leaked
socket remained being linked to a global list, so kmemleak also could not detect it. We need to check
/proc/net/protocol to notice the unfreed socket. [0]: WARNING: CPU: 0 PID: 2863 at net/unix/garbage.c:345
__unix_gc+0xc74/0xe80 net/unix/garbage.c:345 Modules linked in: CPU: 0 PID: 2863 Comm: kworker/u4:11 Not
tainted 6.8.0-rc1-syzkaller-00583-g1701940b1a02 #0 Hardware name: Google Google Compute Engine/Google
Compute Engine, BIOS Google 01/25/2024 Workqueue: events_unbound __unix_gc RIP: 0010:__unix_gc+0xc74/0xe80
net/unix/garbage.c:345 Code: 8b 5c 24 50 e9 86 f8 ff ff e8 f8 e4 22 f8 31 d2 48 c7 c6 30 6a 69 89 4c 89 ef
e8 97 ef ff ff e9 80 f9 ff ff e8 dd e4 22 f8 90 <0f> 0b 90 e9 7b fd ff ff 48 89 df e8 5c e7 7c f8 e9 d3 f8
ff ff e8 RSP: 0018:ffffc9000b03fba0 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffffc9000b03fc10 RCX:
ffffffff816c493e RDX: ffff88802c02d940 RSI: ffffffff896982f3 RDI: ffffc9000b03fb30 RBP: ffffc9000b03fce0
R08: 0000000000000001 R09: fffff52001607f66 R10: 0000000000000003 R11: 0000000000000002 R12:
dffffc0000000000 R13: ffffc9000b03fc10 R14: ffffc9000b03fc10 R15: 0000000000000001 FS:
0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 CR2: 00005559c8677a60 CR3: 000000000d57a000 CR4: 00000000003506f0 DR0: 0000000000000000
DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400 Call Trace: <TASK> process_one_work+0x889/0x15e0 kernel/workqueue.c:2633
process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x8b9/0x12a0
kernel/workqueue.c:2787 kthread+0x2c6/0x3b0 kernel/kthread.c:388 ret_from_fork+0x45/0x80
arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 </TASK>
(CVE-2024-26676)
- In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in
inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to
IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning. (CVE-2024-26679)
- In the Linux kernel, the following vulnerability has been resolved: net: atlantic: Fix DMA mapping for PTP
hwts ring Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring but then
generic aq_ring_free() does not take this into account. Create and use a specific function to free HWTS
ring to fix this issue. Trace: [ 215.351607] ------------[ cut here ]------------ [ 215.351612] DMA-API:
atlantic 0000:4b:00.0: device driver frees DMA memory with different size [device
address=0x00000000fbdd0000] [map size=34816 bytes] [unmap size=32768 bytes] [ 215.351635] WARNING: CPU: 33
PID: 10759 at kernel/dma/debug.c:988 check_unmap+0xa6f/0x2360 ... [ 215.581176] Call Trace: [ 215.583632]
<TASK> [ 215.585745] ? show_trace_log_lvl+0x1c4/0x2df [ 215.590114] ? show_trace_log_lvl+0x1c4/0x2df [
215.594497] ? debug_dma_free_coherent+0x196/0x210 [ 215.599305] ? check_unmap+0xa6f/0x2360 [ 215.603147] ?
__warn+0xca/0x1d0 [ 215.606391] ? check_unmap+0xa6f/0x2360 [ 215.610237] ? report_bug+0x1ef/0x370 [
215.613921] ? handle_bug+0x3c/0x70 [ 215.617423] ? exc_invalid_op+0x14/0x50 [ 215.621269] ?
asm_exc_invalid_op+0x16/0x20 [ 215.625480] ? check_unmap+0xa6f/0x2360 [ 215.629331] ?
mark_lock.part.0+0xca/0xa40 [ 215.633445] debug_dma_free_coherent+0x196/0x210 [ 215.638079] ?
__pfx_debug_dma_free_coherent+0x10/0x10 [ 215.643242] ? slab_free_freelist_hook+0x11d/0x1d0 [ 215.648060]
dma_free_attrs+0x6d/0x130 [ 215.651834] aq_ring_free+0x193/0x290 [atlantic] [ 215.656487]
aq_ptp_ring_free+0x67/0x110 [atlantic] ... [ 216.127540] ---[ end trace 6467e5964dd2640b ]--- [
216.132160] DMA-API: Mapped at: [ 216.132162] debug_dma_alloc_coherent+0x66/0x2f0 [ 216.132165]
dma_alloc_attrs+0xf5/0x1b0 [ 216.132168] aq_ring_hwts_rx_alloc+0x150/0x1f0 [atlantic] [ 216.132193]
aq_ptp_ring_alloc+0x1bb/0x540 [atlantic] [ 216.132213] aq_nic_init+0x4a1/0x760 [atlantic] (CVE-2024-26680)
- In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in
nsim_dev_trap_report_work() Many syzbot reports include the following trace [1] If
nsim_dev_trap_report_work() can not grab the mutex, it should rearm itself at least one jiffie later. [1]
Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 32383 Comm: kworker/0:2 Not tainted
6.8.0-rc2-syzkaller-00031-g861c0981648f #0 Hardware name: Google Google Compute Engine/Google Compute
Engine, BIOS Google 11/17/2023 Workqueue: events nsim_dev_trap_report_work RIP: 0010:bytes_is_nonzero
mm/kasan/generic.c:89 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline] RIP:
0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline] RIP: 0010:memory_is_poisoned
mm/kasan/generic.c:161 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP:
0010:kasan_check_range+0x101/0x190 mm/kasan/generic.c:189 Code: 07 49 39 d1 75 0a 45 3a 11 b8 01 00 00 00
7c 0b 44 89 c2 e8 21 ed ff ff 83 f0 01 5b 5d 41 5c c3 48 85 d2 74 4f 48 01 ea eb 09 <48> 83 c0 01 48 39 d0
74 41 80 38 00 74 f2 eb b6 41 bc 08 00 00 00 RSP: 0018:ffffc90012dcf998 EFLAGS: 00000046 RAX:
fffffbfff258af1e RBX: fffffbfff258af1f RCX: ffffffff8168eda3 RDX: fffffbfff258af1f RSI: 0000000000000004
RDI: ffffffff92c578f0 RBP: fffffbfff258af1e R08: 0000000000000000 R09: fffffbfff258af1e R10:
ffffffff92c578f3 R11: ffffffff8acbcbc0 R12: 0000000000000002 R13: ffff88806db38400 R14: 1ffff920025b9f42
R15: ffffffff92c578e8 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010
DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00994e078 CR3: 000000002c250000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6:
00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <TASK> instrument_atomic_read
include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32
[inline] queued_spin_is_locked include/asm-generic/qspinlock.h:57 [inline] debug_spin_unlock
kernel/locking/spinlock_debug.c:101 [inline] do_raw_spin_unlock+0x53/0x230
kernel/locking/spinlock_debug.c:141 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150
[inline] _raw_spin_unlock_irqrestore+0x22/0x70 kernel/locking/spinlock.c:194
debug_object_activate+0x349/0x540 lib/debugobjects.c:726 debug_work_activate kernel/workqueue.c:578
[inline] insert_work+0x30/0x230 kernel/workqueue.c:1650 __queue_work+0x62e/0x11d0 kernel/workqueue.c:1802
__queue_delayed_work+0x1bf/0x270 kernel/workqueue.c:1953 queue_delayed_work_on+0x106/0x130
kernel/workqueue.c:1989 queue_delayed_work include/linux/workqueue.h:563 [inline] schedule_delayed_work
include/linux/workqueue.h:677 [inline] nsim_dev_trap_report_work+0x9c0/0xc80
drivers/net/netdevsim/dev.c:842 process_one_work+0x886/0x15d0 kernel/workqueue.c:2633
process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x8b9/0x1290
kernel/workqueue.c:2787 kthread+0x2c6/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80
arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 </TASK>
(CVE-2024-26681)
- In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of
DPP safety error for DMA channels Commit 56e58d6c8a56 (net: stmmac: Implement Safety Features in XGMAC
core) checks and reports safety errors, but leaves the Data Path Parity Errors for each channel in DMA
unhandled at all, lead to a storm of interrupt. Fix it by checking and clearing the
DMA_DPP_Interrupt_Status register. (CVE-2024-26684)
- In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in
end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause
a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the
async_write flag is now used as a marker by commit 7f42ec394156 (nilfs2: fix issue with race condition of
competition between segments for dirty blocks) as a means of resolving double list insertion of dirty
blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This
modification is safe as long as it is used for file data and b-tree node blocks where the page caches are
independent. However, it was irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device. This led to the possibility that the
BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the
backing device occurred in parallel. The use of async_write for segment summary buffers has already been
removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the
remaining super root block buffer. (CVE-2024-26685)
- In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use
sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If
NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with
irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the
statistics outside of ->siglock protected section, in the likely case this code will run lockless.
(CVE-2024-26686)
- In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping
cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due
to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first
irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be
interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e)
__startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) }
xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same
event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq
races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock
it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even
though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first
cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated
it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the
reverse order of the allocation where first the event channel is allocated and then the mappings are
setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 (xen/events: modify internal [un]bind interfaces),
we hit a BUG like the following during probing of NVMe devices. The issue is that during
nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq.
With many nvme devices it's therefore likely to hit this race during boot because there will be multiple
calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here
]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect
descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid
opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64
#1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP:
0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0
0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f
40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX:
0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff
RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11:
0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000
CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0:
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0
DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ?
set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ?
bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ?
exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ?
bind_evtchn_to_cpu+0xdf/0x ---truncated--- (CVE-2024-26687)
- In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer
dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there
is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in
hugetlbfs_parse_param() when the requested pagesize is non valid. E.g: Taking the following steps: fd =
fsopen(hugetlbfs, FSOPEN_CLOEXEC); fsconfig(fd, FSCONFIG_SET_STRING, pagesize, 1024, 0);
fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested pagesize is invalid,
ctxt->hstate will be replaced with NULL, losing its previous value, and we will print an error: ... ...
case Opt_pagesize: ps = memparse(param->string, &rest); ctx->hstate = h; if (!ctx->hstate) {
pr_err(Unsupported page size %lu MB\n, ps / SZ_1M); return -EINVAL; } return 0; ... ... This is a
problem because later on, we will dereference ctxt->hstate in hugetlbfs_fill_super() ... ...
sb->s_blocksize = huge_page_size(ctx->hstate); ... ... Causing below Oops. Fix this by replacing
cxt->hstate value only when then pagesize is known to be valid. kernel: hugetlbfs: Unsupported page size 0
MB kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 kernel: #PF: supervisor read
access in kernel mode kernel: #PF: error_code(0x0000) - not-present page kernel: PGD 800000010f66c067 P4D
800000010f66c067 PUD 1b22f8067 PMD 0 kernel: Oops: 0000 [#1] PREEMPT SMP PTI kernel: CPU: 4 PID: 5659
Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f kernel:
Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 kernel:
RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84
d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3
e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX:
0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI:
ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09:
0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13:
ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000)
GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 kernel: Call Trace: kernel:
<TASK> kernel: ? __die_body+0x1a/0x60 kernel: ? page_fault_oops+0x16f/0x4a0 kernel: ?
search_bpf_extables+0x65/0x70 kernel: ? fixup_exception+0x22/0x310 kernel: ? exc_page_fault+0x69/0x150
kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: ?
hugetlbfs_fill_super+0xb4/0x1a0 kernel: ? hugetlbfs_fill_super+0x28/0x1a0 kernel: ?
__pfx_hugetlbfs_fill_super+0x10/0x10 kernel: vfs_get_super+0x40/0xa0 kernel: ?
__pfx_bpf_lsm_capable+0x10/0x10 kernel: vfs_get_tree+0x25/0xd0 kernel: vfs_cmd_create+0x64/0xe0 kernel:
__x64_sys_fsconfig+0x395/0x410 kernel: do_syscall_64+0x80/0x160 kernel: ?
syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ?
syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ?
exc_page_fault+0x69/0x150 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 kernel: RIP:
0033:0x7ffbc0cb87c9 kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7
d8 64 89 01 48 kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af kernel: RAX:
fffffffffff ---truncated--- (CVE-2024-26688)
- In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in
encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), use after free error was caught by KASAN at
this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here,
it was freed. In same file, in handle_cap_grant() refcount is decremented by this line -
'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the
latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and
__send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where
arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to
prevent use after free error. (CVE-2024-26689)
- In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer
dereference in __sev_platform_shutdown_locked The SEV platform device can be shutdown with a null
psp_master, e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN: [ 137.148210] ccp 0000:23:00.1:
enabling device (0000 -> 0002) [ 137.162647] ccp 0000:23:00.1: no command queues available [ 137.170598]
ccp 0000:23:00.1: sev enabled [ 137.174645] ccp 0000:23:00.1: psp enabled [ 137.178890] general protection
fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
NOPTI [ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7] [ 137.182693]
CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311 [ 137.182693] RIP:
0010:__sev_platform_shutdown_locked+0x51/0x180 [ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b
1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85
fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c [ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216
[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e [ 137.182693] RDX:
0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0 [ 137.182693] RBP: ffffc900000cf9c8 R08:
0000000000000000 R09: fffffbfff58f5a66 [ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12:
ffff8881e5052c28 [ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8 [
137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000 [ 137.182693] CS:
0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000
CR4: 0000000000350ef0 [ 137.182693] Call Trace: [ 137.182693] <TASK> [ 137.182693] ? show_regs+0x6c/0x80 [
137.182693] ? __die_body+0x24/0x70 [ 137.182693] ? die_addr+0x4b/0x80 [ 137.182693] ?
exc_general_protection+0x126/0x230 [ 137.182693] ? asm_exc_general_protection+0x2b/0x30 [ 137.182693] ?
__sev_platform_shutdown_locked+0x51/0x180 [ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80 [
137.182693] sev_dev_destroy+0x49/0x100 [ 137.182693] psp_dev_destroy+0x47/0xb0 [ 137.182693]
sp_destroy+0xbb/0x240 [ 137.182693] sp_pci_remove+0x45/0x60 [ 137.182693] pci_device_remove+0xaa/0x1d0 [
137.182693] device_remove+0xc7/0x170 [ 137.182693] really_probe+0x374/0xbe0 [ 137.182693] ?
srso_return_thunk+0x5/0x5f [ 137.182693] __driver_probe_device+0x199/0x460 [ 137.182693]
driver_probe_device+0x4e/0xd0 [ 137.182693] __driver_attach+0x191/0x3d0 [ 137.182693] ?
__pfx___driver_attach+0x10/0x10 [ 137.182693] bus_for_each_dev+0x100/0x190 [ 137.182693] ?
__pfx_bus_for_each_dev+0x10/0x10 [ 137.182693] ? __kasan_check_read+0x15/0x20 [ 137.182693] ?
srso_return_thunk+0x5/0x5f [ 137.182693] ? _raw_spin_unlock+0x27/0x50 [ 137.182693]
driver_attach+0x41/0x60 [ 137.182693] bus_add_driver+0x2a8/0x580 [ 137.182693] driver_register+0x141/0x480
[ 137.182693] __pci_register_driver+0x1d6/0x2a0 [ 137.182693] ? srso_return_thunk+0x5/0x5f [ 137.182693] ?
esrt_sysfs_init+0x1cd/0x5d0 [ 137.182693] ? __pfx_sp_mod_init+0x10/0x10 [ 137.182693]
sp_pci_init+0x22/0x30 [ 137.182693] sp_mod_init+0x14/0x30 [ 137.182693] ? __pfx_sp_mod_init+0x10/0x10 [
137.182693] do_one_initcall+0xd1/0x470 [ 137.182693] ? __pfx_do_one_initcall+0x10/0x10 [ 137.182693] ?
parameq+0x80/0xf0 [ 137.182693] ? srso_return_thunk+0x5/0x5f [ 137.182693] ? __kmalloc+0x3b0/0x4e0 [
137.182693] ? kernel_init_freeable+0x92d/0x1050 [ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190 [
137.182693] ? srso_return_thunk+0x5/0x5f [ 137.182693] kernel_init_freeable+0xa64/0x1050 [ 137.182693] ?
__pfx_kernel_init+0x10/0x10 [ 137.182693] kernel_init+0x24/0x160 [ 137.182693] ? __switch_to_asm+0x3e/0x70
[ 137.182693] ret_from_fork+0x40/0x80 [ 137.182693] ? __pfx_kernel_init+0x1 ---truncated---
(CVE-2024-26695)
- In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix hang in
nilfs_lookup_dirty_data_buffers() Syzbot reported a hang issue in migrate_pages_batch() called by mbind()
and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2. While migrate_pages_batch()
locks a folio and waits for the writeback to complete, the log writer thread that should bring the
writeback to completion picks up the folio being written back in nilfs_lookup_dirty_data_buffers() that it
calls for subsequent log creation and was trying to lock the folio. Thus causing a deadlock. In the first
place, it is unexpected that folios/pages in the middle of writeback will be updated and become dirty.
Nilfs2 adds a checksum to verify the validity of the log being written and uses it for recovery at mount,
so data changes during writeback are suppressed. Since this is broken, an unclean shutdown could
potentially cause recovery to fail. Investigation revealed that the root cause is that the wait for
writeback completion in nilfs_page_mkwrite() is conditional, and if the backing device does not require
stable writes, data may be modified without waiting. Fix these issues by making nilfs_page_mkwrite() wait
for writeback to finish regardless of the stable write requirement of the backing device. (CVE-2024-26696)
- In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync
block recovery for small block sizes The helper function nilfs_recovery_copy_block() of
nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount
after an unclean shutdown, incorrectly calculates the on-page offset when copying repair data to the
file's page cache. In environments where the block size is smaller than the page size, this flaw can cause
data corruption and leak uninitialized memory bytes during the recovery process. Fix these issues by
correcting this byte offset calculation on the page. (CVE-2024-26697)
- In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between
netvsc_probe and netvsc_remove In commit ac5047671758 (hv_netvsc: Disable NAPI before closing the VMBus
channel), napi_disable was getting called for all channels, including all subchannels without confirming
if they are enabled or not. This caused hv_netvsc getting hung at napi_disable, when netvsc_probe() has
finished running but nvdev->subchan_work has not started yet. netvsc_subchan_work() ->
rndis_set_subchannel() has not created the sub-channels and because of that netvsc_sc_open() is not
running. netvsc_remove() calls cancel_work_sync(&nvdev->subchan_work), for which netvsc_subchan_work did
not run. netif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI cannot be scheduled. Then
netvsc_sc_open() -> napi_enable will clear the NAPIF_STATE_SCHED bit, so it can be scheduled.
napi_disable() does the opposite. Now during netvsc_device_remove(), when napi_disable is called for those
subchannels, napi_disable gets stuck on infinite msleep. This fix addresses this problem by ensuring that
napi_disable() is not getting called for non-enabled NAPI struct. But netif_napi_del() is still necessary
for these non-enabled NAPI struct for cleanup purpose. Call trace: [ 654.559417] task:modprobe state:D
stack: 0 pid: 2321 ppid: 1091 flags:0x00004002 [ 654.568030] Call Trace: [ 654.571221] <TASK> [
654.573790] __schedule+0x2d6/0x960 [ 654.577733] schedule+0x69/0xf0 [ 654.581214]
schedule_timeout+0x87/0x140 [ 654.585463] ? __bpf_trace_tick_stop+0x20/0x20 [ 654.590291] msleep+0x2d/0x40
[ 654.593625] napi_disable+0x2b/0x80 [ 654.597437] netvsc_device_remove+0x8a/0x1f0 [hv_netvsc] [
654.603935] rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc] [ 654.611101] ? do_wait_intr+0xb0/0xb0 [
654.615753] netvsc_remove+0x7c/0x120 [hv_netvsc] [ 654.621675] vmbus_remove+0x27/0x40 [hv_vmbus]
(CVE-2024-26698)
- In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for
RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference,
address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not
tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO
20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260
[drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00
48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX:
0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578
RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10:
ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578
R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000 CS: 0010
DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0
Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? plist_add+0xbe/0x100 ?
exc_page_fault+0x7c/0x180 ? asm_exc_page_fault+0x26/0x30 ? drm_dp_atomic_find_time_slots+0x5e/0x260
[drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] ? drm_dp_atomic_find_time_slots+0x28/0x260
[drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] compute_mst_dsc_configs_for_link+0x2ff/0xa40
[amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu
62e600d2a75e9158e1cd0a243bdc8e6da040c054] compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu
62e600d2a75e9158e1cd0a243bdc8e6da040c054] amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu
62e600d2a75e9158e1cd0a243bdc8e6da040c054] drm_atomic_check_only+0x5c5/0xa40
drm_mode_atomic_ioctl+0x76e/0xbc0 ? _copy_to_user+0x25/0x30 ? drm_ioctl+0x296/0x4b0 ?
__pfx_drm_mode_atomic_ioctl+0x10/0x10 drm_ioctl_kernel+0xcd/0x170 drm_ioctl+0x26d/0x4b0 ?
__pfx_drm_mode_atomic_ioctl+0x10/0x10 amdgpu_drm_ioctl+0x4e/0x90 [amdgpu
62e600d2a75e9158e1cd0a243bdc8e6da040c054] __x64_sys_ioctl+0x94/0xd0 do_syscall_64+0x60/0x90 ?
do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4dad17f76f Code: 00 48 89
44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00
00 00 0f 05 <89> c> RSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX:
ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f RDX: 00007ffd9ae85a90 RSI: 00000000c03864bc
RDI: 000000000000000b RBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003 R10:
0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc R13: 000000000000000b R14: 000055e255a7fc60
R15: 000055e255a01eb0 </TASK> Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device
ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep > typec libphy k10temp ipmi_msghandler
roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas> CR2:
0000000000000008 ---[ end trace 0000000000000000 ]--- RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260
[drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00
48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX:
0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578
RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10:
ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578
R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000 ---truncated--- (CVE-2024-26700)
- In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add
boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function
rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying
hardware failures). Add boundary check to prevent out of bound access. (CVE-2024-26702)
- In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to
wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully
executed, and only discards orig_inode and donor_inode preallocations when moved_len is not zero. When the
loop fails to exit after successfully moving some extents, moved_len is not updated and remains at 0, so
it does not discard the preallocations. If the moved extents overlap with the preallocated extents, the
overlapped extents are freed twice in ext4_mb_release_inode_pa() and ext4_process_freed_data() (as
described in commit 94d7c16cbbbd (ext4: Fix double-free of blocks with EXT4_IOC_MOVE_EXT)), and bb_free
is incremented twice. Hence when trim is executed, a zero-division bug is triggered in
mb_update_avg_fragment_size() because bb_free is not zero and bb_fragments is zero. Therefore, update
move_len after each extent move to avoid the issue. (CVE-2024-26704)
- In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption
from exception handler The current exception handler implementation, which assists when accessing user
space memory, may exhibit random data corruption if the compiler decides to use a different register than
the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose
another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash whatever this
register is used for. Looking at the assembly I found that this happens sometimes in emulate_ldd(). To
solve the issue, the easiest solution would be if it somehow is possible to tell the fault handler which
register is used to hold the error code. Using %0 or %1 in the inline assembly is not posssible as it will
show up as e.g. %r29 (with the %r prefix), which the GNU assembler can not convert to an integer. This
patch takes another, better and more flexible approach: We extend the __ex_table (which is out of the
execution path) by one 32-word. In this word we tell the compiler to insert the assembler instruction or
%r0,%r0,%reg, where %reg references the register which the compiler choosed for the error return code. In
case of an access failure, the fault handler finds the __ex_table entry and can examine the opcode. The
used register is encoded in the lowest 5 bits, and the fault handler can then store -EFAULT into this
register. Since we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT config option
any longer. (CVE-2024-26706)
- In the Linux kernel, the following vulnerability has been resolved: net: hsr: remove WARN_ONCE() in
send_hsr_supervision_frame() Syzkaller reported [1] hitting a warning after failing to allocate resources
for skb in hsr_init_skb(). Since a WARN_ONCE() call will not help much in this case, it might be prudent
to switch to netdev_warn_once(). At the very least it will suppress syzkaller reports such as [1]. Just in
case, use netdev_warn_once() in send_prp_supervision_frame() for similar reasons. [1] HSR: Could not send
supervision frame WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294
send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294 RIP:
0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294 ... Call Trace: <IRQ>
hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382 call_timer_fn+0x193/0x590 kernel/time/timer.c:1700
expire_timers kernel/time/timer.c:1751 [inline] __run_timers+0x764/0xb20 kernel/time/timer.c:2022
run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035 __do_softirq+0x21a/0x8de kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline] __irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644 sysvec_apic_timer_interrupt+0x95/0xb0
arch/x86/kernel/apic/apic.c:1076 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20
arch/x86/include/asm/idtentry.h:649 ... This issue is also found in older kernels (at least up to 5.10).
(CVE-2024-26707)
- In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size
increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported to lead to stack
overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN
builds in commit 3e8635fb2e07 (powerpc/kasan: Force thread size increase with KASAN). However with a
32KB stack size to begin with, the doubling leads to a 64KB stack, which causes build errors:
arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between
0xffffffffffff8000 and 0x0000000000007fff) Although the asm could be reworked, in practice a 32KB stack
seems sufficient even for KASAN builds - the additional usage seems to be in the 2-3KB range for a 64-bit
KASAN build. So only increase the stack for KASAN if the stack size is < 32KB. (CVE-2024-26710)
- In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused
by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur
= k_start & PAGE_MASK is less than k_start, and then `va = block + k_cur - k_start` is less than block,
the addr va is invalid, because the memory address space from va to block is not alloced by
memblock_alloc, which will not be reserved by memblock_reserve later, it will be used by other places. As
a result, memory overwriting occurs. for example: int __init __weak kasan_init_region(void *start, size_t
size) { [...] /* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */ block = memblock_alloc(k_end
- k_start, PAGE_SIZE); [...] for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) { /* at
the begin of for loop * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400) * va(dcd96c00) is
less than block(dcd97000), va is invalid */ void *va = block + k_cur - k_start; [...] } [...] } Therefore,
page alignment is performed on k_start before memblock_alloc() to ensure the validity of the VA address.
(CVE-2024-26712)
- In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sc8180x: Mark CO0
BCM keepalive The CO0 BCM needs to be up at all times, otherwise some hardware (like the UFS controller)
loses its connection to the rest of the SoC, resulting in a hang of the platform, accompanied by a
spectacular logspam. Mark it as keepalive to prevent such cases. (CVE-2024-26714)
- In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer
dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuously
there could be a chance while checking for dwc->gadget_driver in dwc3_gadget_suspend, a NULL pointer
dereference may occur. Call Stack: CPU1: CPU2: gadget_unbind_driver dwc3_suspend_common dwc3_gadget_stop
dwc3_gadget_suspend dwc3_disconnect_gadget CPU1 basically clears the variable and CPU2 checks the
variable. Consider CPU1 is running and right before gadget_driver is cleared and in parallel CPU2 executes
dwc3_gadget_suspend where it finds dwc->gadget_driver which is not NULL and resumes execution and then
CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where it checks dwc->gadget_driver is
already NULL because of which the NULL pointer deference occur. (CVE-2024-26715)
- In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid-of: fix NULL-deref on
failed power up A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF
driver never initialises the client pointer which is dereferenced on power-up failures. (CVE-2024-26717)
- In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets
Tasklets have an inherent problem with memory corruption. The function tasklet_action_common calls
tasklet_trylock, then it calls the tasklet callback and then it calls tasklet_unlock. If the tasklet
callback frees the structure that contains the tasklet or if it calls some code that may free it,
tasklet_unlock will write into free memory. The commits 8e14f610159d and d9a02e016aaf try to fix it for
dm-crypt, but it is not a sufficient fix and the data corruption can still happen [1]. There is no fix for
dm-verity and dm-verity will write into free memory with every tasklet-processed bio. There will be atomic
workqueues implemented in the kernel 6.9 [2]. They will have better interface and they will not suffer
from the memory corruption problem. But we need something that stops the memory corruption now and that
can be backported to the stable kernels. So, I'm proposing this commit that disables tasklets in both dm-
crypt and dm-verity. This commit doesn't remove the tasklet support, because the tasklet code will be
reused when atomic workqueues will be implemented. [1]
https://lore.kernel.org/all/[email protected]/T/ [2]
https://lore.kernel.org/lkml/[email protected]/ (CVE-2024-26718)
- In the Linux kernel, the following vulnerability has been resolved: mm/writeback: fix possible divide-by-
zero in wb_dirty_limits(), again (struct dirty_throttle_control *)->thresh is an unsigned long, but is
passed as the u32 divisor argument to div_u64(). On architectures where unsigned long is 64 bytes, the
argument will be implicitly truncated. Use div64_u64() instead of div_u64() so that the value used in the
is this a safe division check is the same as the divisor. Also, remove redundant cast of the numerator
to u64, as that should happen implicitly. This would be difficult to exploit in memcg domain, given the
ratio-based arithmetic domain_drity_limits() uses, but is much easier in global writeback domain with a
BDI_CAP_STRICTLIMIT-backing device, using e.g. vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh ==
(1<<32) (CVE-2024-26720)
- In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix deadlock in
rt5645_jack_detect_work() There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex is left
locked forever. That may lead to deadlock when rt5645_jack_detect_work() is called for the second time.
Found by Linux Verification Center (linuxtesting.org) with SVACE. (CVE-2024-26722)
- In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix crash when adding
interface under a lag There is a crash when adding one of the lan966x interfaces under a lag interface.
The issue can be reproduced like this: ip link add name bond0 type bond miimon 100 mode balance-xor ip
link set dev eth0 master bond0 The reason is because when adding a interface under the lag it would go
through all the ports and try to figure out which other ports are under that lag interface. And the issue
is that lan966x can have ports that are NULL pointer as they are not probed. So then iterating over these
ports it would just crash as they are NULL pointers. The fix consists in actually checking for NULL
pointers before accessing something from the ports. Like we do in other places. (CVE-2024-26723)
- In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free
space inode on write error While running the CI for an unrelated change I hit the following panic with
generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in
fs/btrfs/extent_io.c:1385 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1385!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W
6.8.0-rc2+ #1 RIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0 Call Trace: <TASK>
extent_write_cache_pages+0x2ac/0x8f0 extent_writepages+0x87/0x110 do_writepages+0xd5/0x1f0
filemap_fdatawrite_wbc+0x63/0x90 __filemap_fdatawrite_range+0x5c/0x80 btrfs_fdatawrite_range+0x1f/0x50
btrfs_write_out_cache+0x507/0x560 btrfs_write_dirty_block_groups+0x32a/0x420
commit_cowonly_roots+0x21b/0x290 btrfs_commit_transaction+0x813/0x1360 btrfs_sync_file+0x51a/0x640
__x64_sys_fdatasync+0x52/0x90 do_syscall_64+0x9c/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 This
happens because we fail to write out the free space cache in one instance, come back around and attempt to
write it again. However on the second pass through we go to call btrfs_get_extent() on the inode to get
the extent mapping. Because this is a new block group, and with the free space inode we always search the
commit root to avoid deadlocking with the tree, we find nothing and return a EXTENT_MAP_HOLE for the
requested range. This happens because the first time we try to write the space cache out we hit an error,
and on an error we drop the extent mapping. This is normal for normal files, but the free space cache
inode is special. We always expect the extent map to be correct. Thus the second time through we end up
with a bogus extent map. Since we're deprecating this feature, the most straightforward way to fix this is
to simply skip dropping the extent map range for this failed range. I shortened the test by using error
injection to stress the area to make it easier to reproduce. With this patch in place we no longer panic
with my error injection test. (CVE-2024-26726)
- In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly
created subvolume already got read [BUG] There is a syzbot crash, triggered by the ASSERT() during
subvolume creation: assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319 ------------[ cut here
]------------ kernel BUG at fs/btrfs/disk-io.c:1319! invalid opcode: 0000 [#1] PREEMPT SMP KASAN RIP:
0010:btrfs_get_root_ref.part.0+0x9aa/0xa60 <TASK> btrfs_get_new_fs_root+0xd3/0xf0
create_subvol+0xd02/0x1650 btrfs_mksubvol+0xe95/0x12b0 __btrfs_ioctl_snap_create+0x2f9/0x4f0
btrfs_ioctl_snap_create+0x16b/0x200 btrfs_ioctl+0x35f0/0x5cf0 __x64_sys_ioctl+0x19d/0x210
do_syscall_64+0x3f/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace 0000000000000000 ]---
[CAUSE] During create_subvol(), after inserting root item for the newly created subvolume, we would
trigger btrfs_get_new_fs_root() to get the btrfs_root of that subvolume. The idea here is, we have
preallocated an anonymous device number for the subvolume, thus we can assign it to the new subvolume. But
there is really nothing preventing things like backref walk to read the new subvolume. If that happens
before we call btrfs_get_new_fs_root(), the subvolume would be read out, with a new anonymous device
number assigned already. In that case, we would trigger ASSERT(), as we really expect no one to read out
that subvolume (which is not yet accessible from the fs). But things like backref walk is still possible
to trigger the read on the subvolume. Thus our assumption on the ASSERT() is not correct in the first
place. [FIX] Fix it by removing the ASSERT(), and just free the @anon_dev, reset it to 0, and continue. If
the subvolume tree is read out by something else, it should have already get a new anon_dev assigned thus
we only need to free the preallocated one. (CVE-2024-26727)
- In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer
dereference in sk_psock_verdict_data_ready() syzbot reported the following NULL pointer dereference issue
[1]: BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:0x0 [...] Call Trace:
<TASK> sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230 unix_stream_sendmsg+0x9b4/0x1230
net/unix/af_unix.c:2293 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270
net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline]
__sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77 If sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are
called concurrently, psock->saved_data_ready can be NULL, causing the above issue. This patch fixes this
issue by calling the appropriate data ready function using the sk_psock_data_ready() helper and protecting
it from concurrency with sk->sk_callback_lock. (CVE-2024-26731)
- In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in
arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued,
arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha
here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat
below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the
memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN),
arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling
arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit
b5f0de6df6dc (net: dev: Convert sa_data to flexible array in struct sockaddr) just silenced syzkaller.
[0]: memcpy: detected field-spanning write (size 16) of single field r->arp_ha.sa_data at
net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0
net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP:
0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48
c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42
de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX:
ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001
RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11:
203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010
FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000
CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0:
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0
DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261
inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204
sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870
[inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64
arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f
1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0
ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246
ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX:
0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000
R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13:
000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK> (CVE-2024-26733)
- In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free
and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering
the generic netlink family. (CVE-2024-26735)
- In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in
afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size
up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. [DH:
Actually, it's 20 + NUL, so increase it to 24 and use snprintf()] (CVE-2024-26736)
- In the Linux kernel, the following vulnerability has been resolved: bpf: Fix racing between
bpf_timer_cancel_and_free and bpf_timer_cancel The following race is possible between
bpf_timer_cancel_and_free and bpf_timer_cancel. It will lead a UAF on the timer->timer.
bpf_timer_cancel(); spin_lock(); t = timer->time; spin_unlock(); bpf_timer_cancel_and_free(); spin_lock();
t = timer->timer; timer->timer = NULL; spin_unlock(); hrtimer_cancel(&t->timer); kfree(t); /* UAF on t */
hrtimer_cancel(&t->timer); In bpf_timer_cancel_and_free, this patch frees the timer->timer after a rcu
grace period. This requires a rcu_head addition to the struct bpf_hrtimer. Another kfree(t) happens in
bpf_timer_init, this does not need a kfree_rcu because it is still under the spin_lock and timer->timer
has not been visible by others yet. In bpf_timer_cancel, rcu_read_lock() is added because this helper can
be used in a non rcu critical section context (e.g. from a sleepable bpf prog). Other timer->timer usages
in helpers.c have been audited, bpf_timer_cancel() is the only place where timer->timer is used outside of
the spin_lock. Another solution considered is to mark a t->flag in bpf_timer_cancel and clear it after
hrtimer_cancel() is done. In bpf_timer_cancel_and_free, it busy waits for the flag to be cleared before
kfree(t). This patch goes with a straight forward solution and frees timer->timer after a rcu grace
period. (CVE-2024-26737)
- In the Linux kernel, the following vulnerability has been resolved: dccp/tcp: Unhash sk from ehash for tb2
alloc failure after check_estalblished(). syzkaller reported a warning [0] in inet_csk_destroy_sock() with
no repro. WARN_ON(inet_sk(sk)->inet_num && !inet_csk(sk)->icsk_bind_hash); However, the syzkaller's log
hinted that connect() failed just before the warning due to FAULT_INJECTION. [1] When connect() is called
for an unbound socket, we search for an available ephemeral port. If a bhash bucket exists for the port,
we call __inet_check_established() or __inet6_check_established() to check if the bucket is reusable. If
reusable, we add the socket into ehash and set inet_sk(sk)->inet_num. Later, we look up the corresponding
bhash2 bucket and try to allocate it if it does not exist. Although it rarely occurs in real use, if the
allocation fails, we must revert the changes by check_established(). Otherwise, an unconnected socket
could illegally occupy an ehash entry. Note that we do not put tw back into ehash because sk might have
already responded to a packet for tw and it would be better to free tw earlier under such memory presure.
[0]: WARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock
(net/ipv4/inet_connection_sock.c:1193) Modules linked in: Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:inet_csk_destroy_sock
(net/ipv4/inet_connection_sock.c:1193) Code: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8
f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd <0f> 0b e9 61 fe ff ff e8 02 4a 3d fd 4c
89 e7 be 03 00 00 00 e8 05 RSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293 RAX: 0000000000000000 RBX:
0000000000009e78 RCX: ffffffff840bae40 RDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8
RBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000 R10: 0000000000009e78 R11:
0000000000000000 R12: ffff88811755c8e0 R13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000
FS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000
CR0: 0000000080050033 CR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0 PKRU: 55555554
Call Trace: <TASK> ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193) dccp_close
(net/dccp/proto.c:1078) inet_release (net/ipv4/af_inet.c:434) __sock_release (net/socket.c:660) sock_close
(net/socket.c:1423) __fput (fs/file_table.c:377) __fput_sync (fs/file_table.c:462) __x64_sys_close
(fs/open.c:1557 fs/open.c:1539 fs/open.c:1539) do_syscall_64 (arch/x86/entry/common.c:52
arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) RIP:
0033:0x7f03e53852bb Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5
ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff
8b 44 RSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX:
0000000000000004 RCX: 00007f03e53852bb RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c R10: 0000000008a79680 R11:
0000000000000293 R12: 00007f03e4e43000 R13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170
</TASK> [1]: FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times
0 CPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9 Hardware name: QEMU
Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 Call
Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1)) should_fail_ex (lib/fault-
inject.c:52 lib/fault-inject.c:153) should_failslab (mm/slub.c:3748) kmem_cache_alloc (mm/slub.c:3763
mm/slub.c:3842 mm/slub.c:3867) inet_bind2_bucket_create ---truncated--- (CVE-2024-26741)
- In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix
disable_managed_interrupts Correct blk-mq registration issue with module parameter
disable_managed_interrupts enabled. When we turn off the default PCI_IRQ_AFFINITY flag, the driver needs
to register with blk-mq using blk_mq_map_queues(). The driver is currently calling blk_mq_pci_map_queues()
which results in a stack trace and possibly undefined behavior. Stack Trace: [ 7.860089] scsi host2:
smartpqi [ 7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0 [
7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage
dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse [ 7.924755] CPU: 0 PID: 238 Comm:
kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1 [ 7.944336] Hardware name: HPE
ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022 [ 7.963026] Workqueue: events
work_for_cpu_fn [ 7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0 [ 7.978278] Code: 48 89 de 89 c7 e8
f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73
00 <0f> 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54 [ 7.978280] RSP:
0018:ffffa95fc3707d50 EFLAGS: 00010216 [ 7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX:
0000000000000010 [ 7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310 [ 7.978286]
RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00 [ 7.978287] R10: 0000000000000001 R11:
ffffa95fc3707ac0 R12: 0000000000000000 [ 7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15:
ffff9190c4c950a8 [ 7.978290] FS: 0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000 [
7.978292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.172814] CR2: 000055d11166c000 CR3:
00000002dae10002 CR4: 00000000007706f0 [ 8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000 [ 8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 8.172818]
PKRU: 55555554 [ 8.172819] Call Trace: [ 8.172823] blk_mq_alloc_tag_set+0x12e/0x310 [ 8.264339]
scsi_add_host_with_dma.cold.9+0x30/0x245 [ 8.279302] pqi_ctrl_init+0xacf/0xc8e [smartpqi] [ 8.294085] ?
pqi_pci_probe+0x480/0x4c8 [smartpqi] [ 8.309015] pqi_pci_probe+0x480/0x4c8 [smartpqi] [ 8.323286]
local_pci_probe+0x42/0x80 [ 8.337855] work_for_cpu_fn+0x16/0x20 [ 8.351193] process_one_work+0x1a7/0x360 [
8.364462] ? create_worker+0x1a0/0x1a0 [ 8.379252] worker_thread+0x1ce/0x390 [ 8.392623] ?
create_worker+0x1a0/0x1a0 [ 8.406295] kthread+0x10a/0x120 [ 8.418428] ? set_kthread_struct+0x50/0x50 [
8.431532] ret_from_fork+0x1f/0x40 [ 8.444137] ---[ end trace 1bf0173d39354506 ]--- (CVE-2024-26742)
- In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp
error flow Avoid the following warning by making sure to free the allocated resources in case that
qedr_init_user_queue() fail. -----------[ cut here ]----------- WARNING: CPU: 0 PID: 143192 at
drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] Modules linked in:
tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp
scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache
netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert
iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1
intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal
drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif
sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf
fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore
ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi
sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3 ghash_clmulni_intel megaraid_sas crc8 wmi
[last unloaded: ib_srpt] CPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted
5.14.0-408.el9.x86_64 #1 Hardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022 RIP:
0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] Code: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8
67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00
00 00 48 89 df e8 8e f5 ff ff e9 6d ff RSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286 RAX: ffff8f0889ee3f60
RBX: ffff8f088c1a5200 RCX: 00000000802a0016 RDX: 00000000802a0017 RSI: 0000000000000001 RDI:
ffff8f0880042600 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8f11fffd5000
R11: 0000000000039000 R12: ffff8f0d5b36cd80 R13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15:
0000000000000000 FS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000 CS: 0010 DS:
0000 ES: 0000 CR0: 0000000080050033 CR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0 Call
Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ?
ib_uverbs_close+0x1f/0xb0 [ib_uverbs] ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] ? __warn+0x81/0x110
? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs] ? report_bug+0x10a/0x140 ? handle_bug+0x3c/0x70 ?
exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]
ib_uverbs_close+0x1f/0xb0 [ib_uverbs] __fput+0x94/0x250 task_work_run+0x5c/0x90 do_exit+0x270/0x4a0
do_group_exit+0x2d/0x90 get_signal+0x87c/0x8c0 arch_do_signal_or_restart+0x25/0x100 ?
ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs] exit_to_user_mode_loop+0x9c/0x130
exit_to_user_mode_prepare+0xb6/0x100 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x69/0x90 ?
syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x69/0x90 ?
syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x22/0x40 ? do_syscall_64+0x69/0x90 ?
do_syscall_64+0x69/0x90 ? common_interrupt+0x43/0xa0 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP:
0033:0x1470abe3ec6b Code: Unable to access opcode bytes at RIP 0x1470abe3ec41. RSP: 002b:00007fff13ce9108
EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX:
00001470abe3ec6b RDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004 RBP: 00007fff13ce91e0
R08: 0000558d9655da10 R09: 0000558d9655dd00 R10: 00007fff13ce95c0 R11: 0000000000000246 R12:
00007fff13ce9358 R13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470 </TASK> --[ end trace
888a9b92e04c5c97 ]-- (CVE-2024-26743)
- In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the
srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is
that setting that parameter while loading the ib_srpt kernel module triggers the following kernel crash:
BUG: kernel NULL pointer dereference, address: 0000000000000000 Call Trace: <TASK> parse_one+0x18c/0x1d0
parse_args+0xe1/0x230 load_module+0x8de/0xa60 init_module_from_file+0x8b/0xd0
idempotent_init_module+0x181/0x240 __x64_sys_finit_module+0x5a/0xb0 do_syscall_64+0x5f/0xe0
entry_SYSCALL_64_after_hwframe+0x6e/0x76 (CVE-2024-26744)
- In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU table is
not initialized for kdump over SR-IOV When kdump kernel tries to copy dump data over SR-IOV, LPAR panics
due to NULL pointer exception: Kernel attempted to read user page (0) - exploit attempt? (uid: 0) BUG:
Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc000000020847ad4
Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: mlx5_core(+) vmx_crypto pseries_wdt papr_scm libnvdimm mlxfw tls psample sunrpc fuse
overlay squashfs loop CPU: 12 PID: 315 Comm: systemd-udevd Not tainted 6.4.0-Test102+ #12 Hardware name:
IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries NIP:
c000000020847ad4 LR: c00000002083b2dc CTR: 00000000006cd18c REGS: c000000029162ca0 TRAP: 0300 Not tainted
(6.4.0-Test102+) MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 48288244 XER: 00000008 CFAR:
c00000002083b2d8 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 1 ... NIP _find_next_zero_bit+0x24/0x110
LR bitmap_find_next_zero_area_off+0x5c/0xe0 Call Trace: dev_printk_emit+0x38/0x48 (unreliable)
iommu_area_alloc+0xc4/0x180 iommu_range_alloc+0x1e8/0x580 iommu_alloc+0x60/0x130
iommu_alloc_coherent+0x158/0x2b0 dma_iommu_alloc_coherent+0x3c/0x50 dma_alloc_attrs+0x170/0x1f0
mlx5_cmd_init+0xc0/0x760 [mlx5_core] mlx5_function_setup+0xf0/0x510 [mlx5_core] mlx5_init_one+0x84/0x210
[mlx5_core] probe_one+0x118/0x2c0 [mlx5_core] local_pci_probe+0x68/0x110 pci_call_probe+0x68/0x200
pci_device_probe+0xbc/0x1a0 really_probe+0x104/0x540 __driver_probe_device+0xb4/0x230
driver_probe_device+0x54/0x130 __driver_attach+0x158/0x2b0 bus_for_each_dev+0xa8/0x130
driver_attach+0x34/0x50 bus_add_driver+0x16c/0x300 driver_register+0xa4/0x1b0
__pci_register_driver+0x68/0x80 mlx5_init+0xb8/0x100 [mlx5_core] do_one_initcall+0x60/0x300
do_init_module+0x7c/0x2b0 At the time of LPAR dump, before kexec hands over control to kdump kernel, DDWs
(Dynamic DMA Windows) are scanned and added to the FDT. For the SR-IOV case, default DMA window ibm,dma-
window is removed from the FDT and DDW added, for the device. Now, kexec hands over control to the kdump
kernel. When the kdump kernel initializes, PCI busses are scanned and IOMMU group/tables created, in
pci_dma_bus_setup_pSeriesLP(). For the SR-IOV case, there is no ibm,dma-window. The original commit:
b1fc44eaa9ba, fixes the path where memory is pre-mapped (direct mapped) to the DDW. When TCEs are direct
mapped, there is no need to initialize IOMMU tables. iommu_table_setparms_lpar() only considers ibm,dma-
window property when initiallizing IOMMU table. In the scenario where TCEs are dynamically allocated for
SR-IOV, newly created IOMMU table is not initialized. Later, when the device driver tries to enter TCEs
for the SR-IOV device, NULL pointer execption is thrown from iommu_area_alloc(). The fix is to initialize
the IOMMU table with DDW property stored in the FDT. There are 2 points to remember: 1. For the dedicated
adapter, kdump kernel would encounter both default and DDW in FDT. In this case, DDW property is used to
initialize the IOMMU table. 2. A DDW could be direct or dynamic mapped. kdump kernel would initialize
IOMMU table and mark the existing DDW as dynamic. This works fine since, at the time of table
initialization, iommu_table_clear() makes some space in the DDW, for some predefined number of TCEs which
are needed for kdump to succeed. (CVE-2024-26745)
- In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue
when put module's reference In current design, usb role class driver will get usb_role_switch parent's
module reference after the user get usb_role_switch device and put the reference after the user put the
usb_role_switch device. However, the parent device of usb_role_switch may be removed before the user put
the usb_role_switch. If so, then, NULL pointer issue will be met when the user put the parent module's
reference. This will save the module pointer in structure of usb_role_switch. Then, we don't need to find
module by iterating long relations. (CVE-2024-26747)
- In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free
when handle zero packet 829 if (request->complete) { 830 spin_unlock(&priv_dev->lock); 831
usb_gadget_giveback_request(&priv_ep->endpoint, 832 request); 833 spin_lock(&priv_dev->lock); 834 } 835
836 if (request->buf == priv_dev->zlp_buf) 837 cdns3_gadget_ep_free_request(&priv_ep->endpoint, request);
Driver append an additional zero packet request when queue a packet, which length mod max packet size is
0. When transfer complete, run to line 831, usb_gadget_giveback_request() will free this requestion. 836
condition is true, so cdns3_gadget_ep_free_request() free this request again. Log: [ 1920.140696][ T150]
BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3] [ 1920.140696][ T150] [
1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36): [ 1920.159082][ T150]
cdns3_gadget_giveback+0x134/0x2c0 [cdns3] [ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8
[cdns3] Add check at line 829, skip call usb_gadget_giveback_request() if it is additional zero length
packet request. Needn't call usb_gadget_giveback_request() because it is allocated in this driver.
(CVE-2024-26748)
- In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after
free at cdns3_gadget_ep_disable() ... cdns3_gadget_ep_free_request(&priv_ep->endpoint,
&priv_req->request); list_del_init(&priv_req->list); ... 'priv_req' actually free at
cdns3_gadget_ep_free_request(). But list_del_init() use priv_req->list after it. [ 1542.642868][ T534]
BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4 [ 1542.642868][ T534] [ 1542.653162][
T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3): [ 1542.660311][ T534]
__list_del_entry_valid+0x10/0xd4 [ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3] [
1542.671571][ T534] usb_ep_disable+0x44/0xe4 [ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8 [
1542.680839][ T534] ffs_func_set_alt+0x74/0x368 [ 1542.685478][ T534] ffs_func_disable+0x18/0x28 Move
list_del_init() before cdns3_gadget_ep_free_request() to resolve this problem. (CVE-2024-26749)
- In the Linux kernel, the following vulnerability has been resolved: af_unix: Drop oob_skb ref before
purging queue in GC. syzbot reported another task hung in __unix_gc(). [0] The current while loop assumes
that all of the left candidates have oob_skb and calling kfree_skb(oob_skb) releases the remaining
candidates. However, I missed a case that oob_skb has self-referencing fd and another fd and the latter sk
is placed before the former in the candidate list. Then, the while loop never proceeds, resulting the task
hung. __unix_gc() has the same loop just before purging the collected skb, so we can call
kfree_skb(oob_skb) there and let __skb_queue_purge() release all inflight sockets. [0]: Sending NMI from
CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted
6.8.0-rc4-syzkaller-01028-g71b605d32017 #0 Hardware name: Google Google Compute Engine/Google Compute
Engine, BIOS Google 01/25/2024 Workqueue: events_unbound __unix_gc RIP:
0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200 Code: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c
48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04
24 65 48 8b 0d 90 52 70 7e 65 8b 15 91 52 70 RSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287 RAX:
ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80 RDX: 0000000000000000 RSI: 0000000000000002
RDI: 0000000000000000 RBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84 R10:
dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84ee R13: ffffc9000a17fae0 R14: 0000000000000000
R15: ffffffff8f47b840 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010
DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6:
00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <TASK> __unix_gc+0xe69/0xf40
net/unix/garbage.c:343 process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x913/0x1420 kernel/workqueue.c:2706 worker_thread+0xa5f/0x1000
kernel/workqueue.c:2787 kthread+0x2ef/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80
arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242 </TASK>
(CVE-2024-26750)
- In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to
gpiod_lookup_table Without the terminator, if a con_id is passed to gpio_find() that does not exist in the
lookup table the function will not stop looping correctly, and eventually cause an oops. (CVE-2024-26751)
- In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to
ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing
more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains
data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code
which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ?
transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages
with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the
calculation in line with the original intent. (CVE-2024-26752)
- In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack
overflow on memcpy sizeof(struct virtio_crypto_akcipher_session_para) is less than sizeof(struct
virtio_crypto_op_ctrl_req::u), copying more bytes from stack variable leads stack overflow. Clang reports
this issue by commands: make -j CC=clang-14 mrproper >/dev/null 2>&1 make -j O=/tmp/crypto-build
CC=clang-14 allmodconfig >/dev/null 2>&1 make -j O=/tmp/crypto-build W=1 CC=clang-14
drivers/crypto/virtio/ virtio_crypto_akcipher_algs.o (CVE-2024-26753)
- In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-
deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem must be
registered before registering the generic netlink family. Syzkaller hit 'general protection fault in
gtp_genl_dump_pdp' bug: general protection fault, probably for non-canonical address 0xdffffc0000000002:
0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1 Hardware name: QEMU Standard PC (Q35 +
ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp] Code: c6 89 c6 e8
64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86 df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48
c1 ea 03 <80> 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74 RSP: 0018:ffff888014107220
EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000002
RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09:
0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff88800fcda588
R14: 0000000000000001 R15: 0000000000000000 FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000)
knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1be4e766cf CR3:
000000000c33e000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? show_regs+0x90/0xa0 ?
die_addr+0x50/0xd0 ? exc_general_protection+0x148/0x220 ? asm_exc_general_protection+0x22/0x30 ?
gtp_genl_dump_pdp+0x1be/0x800 [gtp] ? __alloc_skb+0x1dd/0x350 ? __pfx___alloc_skb+0x10/0x10
genl_dumpit+0x11d/0x230 netlink_dump+0x5b9/0xce0 ? lockdep_hardirqs_on_prepare+0x253/0x430 ?
__pfx_netlink_dump+0x10/0x10 ? kasan_save_track+0x10/0x40 ? __kasan_kmalloc+0x9b/0xa0 ?
genl_start+0x675/0x970 __netlink_dump_start+0x6fc/0x9f0 genl_family_rcv_msg_dumpit+0x1bb/0x2d0 ?
__pfx_genl_family_rcv_msg_dumpit+0x10/0x10 ? genl_op_from_small+0x2a/0x440 ? cap_capable+0x1d0/0x240 ?
__pfx_genl_start+0x10/0x10 ? __pfx_genl_dumpit+0x10/0x10 ? __pfx_genl_done+0x10/0x10 ?
security_capable+0x9d/0xe0 (CVE-2024-26754)
- In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping
swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at
the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs
page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap
out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE
value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and
cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page()
do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B>
swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt>
<finished swapin first> ... set_pte_at() swap_free() <- entry is free <write to page B, now page A
stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is
stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! And besides, for
ZRAM, swap_free() allows the swap device to discard the entry content, so even if page (B) is not
modified, if swap_read_folio() on CPU0 happens later than swap_free() on CPU1, it may also cause data
loss. To fix this, reuse swapcache_prepare which will pin the swap entry using the cache flag, and allow
only one thread to swap it in, also prevent any parallel code from putting the entry in the cache. Release
the pin after PT unlocked. Racers just loop and wait since it's a rare and very short event. A
schedule_timeout_uninterruptible(1) call is added to avoid repeated page faults wasting too much CPU,
causing livelock or adding too much noise to perf statistics. A similar livelock issue was described in
commit 029c4628b2eb (mm: swap: get rid of livelock in swapin readahead) Reproducer: This race issue can
be triggered easily using a well constructed reproducer and patched brd (with a delay in read path) [1]:
With latest 6.8 mainline, race caused data loss can be observed easily: $ gcc -g -lpthread test-thread-
swap-race.c && ./a.out Polulating 32MB of memory region... Keep swapping out... Starting round 0...
Spawning 65536 workers... 32746 workers spawned, wait for done... Round 0: Error on 0x5aa00, expected
32746, got 32743, 3 data loss! Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! Round
0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! Round 0 Failed, 15 data loss! This
reproducer spawns multiple threads sharing the same memory region using a small swap device. Every two
threads updates mapped pages one by one in opposite direction trying to create a race, with one dedicated
thread keep swapping out the data out using madvise. The reproducer created a reproduce rate of about once
every 5 minutes, so the race should be totally possible in production. After this patch, I ran the
reproducer for over a few hundred rounds and no data loss observed. Performance overhead is minimal,
microbenchmark swapin 10G from 32G zram: Before: 10934698 us After: 11157121 us Cached: 13155355 us
(Dropping SWP_SYNCHRONOUS_IO flag) [[email protected]: v4] Link:
https://lkml.kernel.org/r/[email protected] (CVE-2024-26759)
- In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for
error case As of commit 066ff571011d (block: turn bio_kmalloc into a simple kmalloc wrapper), a bio
allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). That is not done properly for the
error case, hitting WARN and NULL pointer dereference in bio_free(). (CVE-2024-26760)
- In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC
CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA ==
SPA. That is, the host physical address (HPA) the HDM decoder registers are programmed with are system
physical addresses (SPA). During HDM decoder setup, the DVSEC CXL range registers (cxl-3.1, 8.1.3.8) are
checked if the memory is enabled and the CXL range is in a HPA window that is described in a CFMWS
structure of the CXL host bridge (cxl-3.1, 9.18.1.3). Now, if the HPA is not an SPA, the CXL range does
not match a CFMWS window and the CXL memory range will be disabled then. The HDM decoder stops working
which causes system memory being disabled and further a system hang during HDM decoder initialization,
typically when a CXL enabled kernel boots. Prevent a system hang and do not disable the HDM decoder if the
decoder's CXL range is not found in a CFMWS window. Note the change only fixes a hardware hang, but does
not implement HPA/SPA translation. Support for this can be added in a follow on patch series.
(CVE-2024-26761)
- In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when
using authenticated encryption It was said that authenticated encryption could produce invalid tag when
the data that is being encrypted is modified [1]. So, fix this problem by copying the data into the clone
bio first and then encrypt them inside the clone bio. This may reduce performance, but it is needed to
prevent the user from corrupting the device by writing data with O_DIRECT and modifying them at the same
time. [1] https://lore.kernel.org/all/[email protected]/T/ (CVE-2024-26763)
- In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn()
to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the
following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8
Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498
io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0
invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4
el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Fix this by setting the IOCB_AIO_RW flag for read
and write I/O that is submitted by libaio. (CVE-2024-26764)
- In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before
init_fn() for nonboot CPUs Disable IRQ before init_fn() for nonboot CPUs when hotplug, in order to silence
such warnings (and also avoid potential errors due to unexpected interrupts): WARNING: CPU: 1 PID: 0 at
kernel/rcu/tree.c:4503 rcu_cpu_starting+0x214/0x280 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+
#1198 pc 90000000048e3334 ra 90000000047bd56c tp 900000010039c000 sp 900000010039fdd0 a0 0000000000000001
a1 0000000000000006 a2 900000000802c040 a3 0000000000000000 a4 0000000000000001 a5 0000000000000004 a6
0000000000000000 a7 90000000048e3f4c t0 0000000000000001 t1 9000000005c70968 t2 0000000004000000 t3
000000000005e56e t4 00000000000002e4 t5 0000000000001000 t6 ffffffff80000000 t7 0000000000040000 t8
9000000007931638 u0 0000000000000006 s9 0000000000000004 s0 0000000000000001 s1 9000000006356ac0 s2
9000000007244000 s3 0000000000000001 s4 0000000000000001 s5 900000000636f000 s6 7fffffffffffffff s7
9000000002123940 s8 9000000001ca55f8 ra: 90000000047bd56c tlb_init+0x24c/0x528 ERA: 90000000048e3334
rcu_cpu_starting+0x214/0x280 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 00000000 (PPLV0
-PIE -PWE) EUEN: 00000000 (-FPE -SXE -ASXE -BTE) ECFG: 00071000 (LIE=12 VS=7) ESTAT: 000c0000 [BRK] (IS=
ECode=12 EsubCode=0) PRID: 0014c010 (Loongson-64bit, Loongson-3A5000) CPU: 1 PID: 0 Comm: swapper/1 Not
tainted 6.6.17+ #1198 Stack : 0000000000000000 9000000006375000 9000000005b61878 900000010039c000
900000010039fa30 0000000000000000 900000010039fa38 900000000619a140 9000000006456888 9000000006456880
900000010039f950 0000000000000001 0000000000000001 cb0cb028ec7e52e1 0000000002b90000 9000000100348700
0000000000000000 0000000000000001 ffffffff916d12f1 0000000000000003 0000000000040000 9000000007930370
0000000002b90000 0000000000000004 9000000006366000 900000000619a140 0000000000000000 0000000000000004
0000000000000000 0000000000000009 ffffffffffc681f2 9000000002123940 9000000001ca55f8 9000000006366000
90000000047a4828 00007ffff057ded8 00000000000000b0 0000000000000000 0000000000000000 0000000000071000 ...
Call Trace: [<90000000047a4828>] show_stack+0x48/0x1a0 [<9000000005b61874>] dump_stack_lvl+0x84/0xcc
[<90000000047f60ac>] __warn+0x8c/0x1e0 [<9000000005b0ab34>] report_bug+0x1b4/0x280 [<9000000005b63110>]
do_bp+0x2d0/0x480 [<90000000047a2e20>] handle_bp+0x120/0x1c0 [<90000000048e3334>]
rcu_cpu_starting+0x214/0x280 [<90000000047bd568>] tlb_init+0x248/0x528 [<90000000047a4c44>]
per_cpu_trap_init+0x124/0x160 [<90000000047a19f4>] cpu_probe+0x494/0xa00 [<90000000047b551c>]
start_secondary+0x3c/0xc0 [<9000000005b66134>] smpboot_entry+0x50/0x58 (CVE-2024-26765)
- In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-
by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to
overflow. This reults in further crashes easily reproducible by `sendmsg` system call. [ 1080.836473]
general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI
[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1] -- [ 1080.974535]
Call Trace: [ 1080.976990] <TASK> [ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1] [
1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1] [ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]
[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib] [ 1081.046978] dev_hard_start_xmit+0xc4/0x210 -- [
1081.148347] __sys_sendmsg+0x59/0xa0 crash> ipoib_txreq 0xffff9cfeba229f00 struct ipoib_txreq { txreq = {
list = { next = 0xffff9cfeba229f00, prev = 0xffff9cfeba229f00 }, descp = 0xffff9cfeba229f40, coalesce_buf
= 0x0, wait = 0xffff9cfea4e69a48, complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>, packet_len =
0x46d, tlen = 0x0, num_desc = 0x0, desc_limit = 0x6, next_descq_idx = 0x45c, coalesce_idx = 0x0, flags =
0x0, descs = {{ qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63) }, { qw = {
0x3800014231b108, 0x4} }, { qw = { 0x310000e4ee0fcf0, 0x8} }, { qw = { 0x3000012e9f8000, 0x8} }, { qw = {
0x59000dfb9d0000, 0x8} }, { qw = { 0x78000e02e40000, 0x8} }} }, sdma_hdr = 0x400300015528b000, <<< invalid
pointer in the tx request structure sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62) complete = 0x0,
priv = 0x0, txq = 0xffff9cfea4e69880, skb = 0xffff9d099809f400 } If an SDMA send consists of exactly 6
descriptors and requires dword padding (in the 7th descriptor), the sdma_txreq descriptor array is not
properly expanded and the packet will overflow into the container structure. This results in a panic when
the send completion runs. The exact panic varies depending on what elements of the container structure get
corrupted. The fix is to use the correct expression in _pad_sdma_tx_descs() to test the need to expand the
descriptor array. With this patch the crashes are no longer reproducible and the machine is stable.
(CVE-2024-26766)
- In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete
association path When deleting an association the shutdown path is deadlocking because we try to flush the
nvmet_wq nested. Avoid this by deadlock by deferring the put work into its own work item. (CVE-2024-26769)
- In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null
pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which
can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.
(CVE-2024-26771)
- In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from
corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is
corrupt under the protection of the group lock to avoid allocating blocks from the group with a corrupted
block bitmap. (CVE-2024-26772)
- In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from
corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using
ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap
in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb,
group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_group // Scan
group gets ac_b_ex but doesn't use it ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group)
// The block bitmap was corrupted during // the group unlock gap. ext4_mb_try_best_found
ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Allocating blocks in block bitmap
corrupted group (CVE-2024-26773)
- In the Linux kernel, the following vulnerability has been resolved: ext4: avoid dividing by 0 in
mb_update_avg_fragment_size() when block bitmap corrupt Determine if bb_fragments is 0 instead of
determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted.
(CVE-2024-26774)
- In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at
set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible
interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- [1] lock(&bdev->bd_size_lock); local_irq_disable();
[2] lock(&d->lock); [3] lock(&bdev->bd_size_lock); <Interrupt> [4] lock(&d->lock); *** DEADLOCK *** Where
[1](&bdev->bd_size_lock) hold by zram_add()->set_capacity(). [2]lock(&d->lock) hold by aoeblk_gdalloc().
And aoeblk_gdalloc() is trying to acquire [3](&bdev->bd_size_lock) at set_capacity() call. In this
situation an attempt to acquire [4]lock(&d->lock) from aoecmd_cfg_rsp() will lead to deadlock. So the
simplest solution is breaking lock dependency [2](&d->lock) -> [3](&bdev->bd_size_lock) by moving
set_capacity() outside. (CVE-2024-26775)
- In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if
no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt was detected.
Because an empty interrupt will cause a null pointer error: Unable to handle kernel NULL pointer
dereference at virtual address 0000000000000008 Call trace: complete+0x54/0x100
hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx] __handle_irq_event_percpu+0x64/0x1e0
handle_irq_event+0x7c/0x1cc (CVE-2024-26776)
- In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock
equals zero The userspace program could pass any values to the driver through ioctl() interface. If the
driver doesn't check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(),
var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by
checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit
15cf0b8. (CVE-2024-26777)
- In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock
equals zero The userspace program could pass any values to the driver through ioctl() interface. If the
driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is
checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking
whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used as the
divisor. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8. (CVE-2024-26778)
- In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on
enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise
it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential
crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit
after inserting a sta. (CVE-2024-26779)
- In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix task hung while purging
oob_skb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in
list_for_each_entry_safe() for OOB skb. [0] syzbot demonstrated that the list_for_each_entry_safe() was
not actually safe in this case. A single skb could have references for multiple sockets. If we free such a
skb in the list_for_each_entry_safe(), the current and next sockets could be unlinked in a single
iteration. unix_notinflight() uses list_del_init() to unlink the socket, so the prefetched next socket
forms a loop itself and list_for_each_entry_safe() never stops. Here, we must use while() and make sure we
always fetch the first socket. [0]: Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID:
5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0 Hardware name: Google
Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:preempt_count
arch/x86/include/asm/preempt.h:26 [inline] RIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline] RIP:
0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207 Code: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 <65> 8b 05 b4 7c 78 7e
a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74 RSP: 0018:ffffc900033efa58 EFLAGS: 00000283 RAX:
ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189 RDX: ffff88802a5a3b80 RSI: ffffffff8968488d
RDI: ffff88807b077f70 RBP: ffffc900033efbb0 R08: 0000000000000001 R09: fffffbfff27a900c R10:
ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800 R13: dffffc0000000000 R14: ffff88807b077e40
R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010
DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6:
00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <NMI> </NMI> <TASK> unix_gc+0x563/0x13b0
net/unix/garbage.c:319 unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683 unix_release+0x91/0xf0
net/unix/af_unix.c:1064 __sock_release+0xb0/0x270 net/socket.c:659 sock_close+0x1c/0x30 net/socket.c:1421
__fput+0x270/0xb80 fs/file_table.c:376 task_work_run+0x14f/0x250 kernel/task_work.c:180 exit_task_work
include/linux/task_work.h:38 [inline] do_exit+0xa8a/0x2ad0 kernel/exit.c:871 do_group_exit+0xd4/0x2a0
kernel/exit.c:1020 __do_sys_exit_group kernel/exit.c:1031 [inline] __se_sys_exit_group kernel/exit.c:1029
[inline] __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029 do_syscall_x64 arch/x86/entry/common.c:52
[inline] do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP:
0033:0x7f9d6cbdac09 Code: Unable to access opcode bytes at 0x7f9d6cbdabdf. RSP: 002b:00007fff5952feb8
EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007f9d6cbdac09 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 RBP: 00007f9d6cc552b0
R08: ffffffffffffffb8 R09: 0000000000000006 R10: 0000000000000006 R11: 0000000000000246 R12:
00007f9d6cc552b0 R13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70 </TASK>
(CVE-2024-26780)
- In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in
subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular
locking dependency detected 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/24141 is
trying to acquire lock: ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_diag_put_ulp
net/ipv4/tcp_diag.c:100 [inline] ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:
tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137 but task is already holding lock: ffffc9000135e488
(&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffffc9000135e488
(&h->lhash2[i].lock){+.+.}-{2:2}, at: inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038 which
lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1
(&h->lhash2[i].lock){+.+.}-{2:2}: lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754 __raw_spin_lock
include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline] __inet_hash+0x335/0xbe0 net/ipv4/inet_hashtables.c:743
inet_csk_listen_start+0x23a/0x320 net/ipv4/inet_connection_sock.c:1261 __inet_listen_sk+0x2a2/0x770
net/ipv4/af_inet.c:217 inet_listen+0xa3/0x110 net/ipv4/af_inet.c:239 rds_tcp_listen_init+0x3fd/0x5a0
net/rds/tcp_listen.c:316 rds_tcp_init_net+0x141/0x320 net/rds/tcp.c:577 ops_init+0x352/0x610
net/core/net_namespace.c:136 __register_pernet_operations net/core/net_namespace.c:1214 [inline]
register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1283 register_pernet_device+0x33/0x80
net/core/net_namespace.c:1370 rds_tcp_init+0x62/0xd0 net/rds/tcp.c:735 do_one_initcall+0x238/0x830
init/main.c:1236 do_initcall_level+0x157/0x210 init/main.c:1298 do_initcalls+0x3f/0x80 init/main.c:1314
kernel_init_freeable+0x42f/0x5d0 init/main.c:1551 kernel_init+0x1d/0x2a0 init/main.c:1441
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30
arch/x86/entry/entry_64.S:242 -> #0 (k-sk_lock-AF_INET6){+.+.}-{0:0}: check_prev_add
kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1345/0x1fd0
kernel/locking/lockdep.c:5137 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754 lock_sock_fast
include/net/sock.h:1723 [inline] subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28 tcp_diag_put_ulp
net/ipv4/tcp_diag.c:100 [inline] tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137
inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345 inet_diag_dump_icsk+0x55b/0x1f80
net/ipv4/inet_diag.c:1061 __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263
inet_diag_dump_compat+0x1c1/0x2d0 net/ipv4/inet_diag.c:1371 netlink_dump+0x59b/0xc80
net/netlink/af_netlink.c:2264 __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370
netlink_dump_start include/linux/netlink.h:338 [inline] inet_diag_rcv_msg_compat+0x209/0x4c0
net/ipv4/inet_diag.c:1405 sock_diag_rcv_msg+0xe7/0x410 netlink_rcv_skb+0x1e3/0x430
net/netlink/af_netlink.c:2543 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel
net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg
net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77 As noted by Eric we can break the lock dependency chain avoid
dumping ---truncated--- (CVE-2024-26781)
- In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket
dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the
pointer to 'inet_opt' for the new socket has the same value as the original one: as a consequence, on
program exit it's possible to observe the following splat: BUG: KASAN: double-free in
inet_sock_destruct+0x54f/0x8b0 Free of addr ffff888485950880 by task swapper/25/0 CPU: 25 PID: 0 Comm:
swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609 Hardware name: Supermicro
SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013 Call Trace: <IRQ> dump_stack_lvl+0x32/0x50
print_report+0xca/0x620 kasan_report_invalid_free+0x64/0x90 __kasan_slab_free+0x1aa/0x1f0 kfree+0xed/0x2e0
inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 rcu_do_batch+0x34e/0xd90 rcu_core+0x559/0xac0
__do_softirq+0x183/0x5a4 irq_exit_rcu+0x12d/0x170 sysvec_apic_timer_interrupt+0x6b/0x80 </IRQ> <TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 RIP: 0010:cpuidle_enter_state+0x175/0x300 Code: 30 00 0f 84 1f
01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45
85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b RSP: 0018:ffff888481cf7d90
EFLAGS: 00000202 RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000 RDX: 1ffff1110ff588b1
RSI: 0000000000000019 RDI: ffff88887fac4588 RBP: 0000000000000004 R08: 0000000000000002 R09:
0000000000043080 R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0 R13: 0000000000000004
R14: 0000000000000000 R15: 00000022c880ec80 cpuidle_enter+0x4a/0xa0 do_idle+0x310/0x410
cpu_startup_entry+0x51/0x60 start_secondary+0x211/0x270 secondary_startup_64_no_verify+0x184/0x18b </TASK>
Allocated by task 6853: kasan_save_stack+0x1c/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0
__kmalloc+0x1eb/0x450 cipso_v4_sock_setattr+0x96/0x360 netlbl_sock_setattr+0x132/0x1f0
selinux_netlbl_socket_post_create+0x6c/0x110 selinux_socket_post_create+0x37b/0x7f0
security_socket_post_create+0x63/0xb0 __sock_create+0x305/0x450 __sys_socket_create.part.23+0xbd/0x130
__sys_socket+0x37/0xb0 __x64_sys_socket+0x6f/0xb0 do_syscall_64+0x83/0x160
entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 6858: kasan_save_stack+0x1c/0x40
kasan_save_track+0x10/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x12c/0x1f0 kfree+0xed/0x2e0
inet_sock_destruct+0x54f/0x8b0 __sk_destruct+0x48/0x5b0 subflow_ulp_release+0x1f0/0x250
tcp_cleanup_ulp+0x6e/0x110 tcp_v4_destroy_sock+0x5a/0x3a0 inet_csk_destroy_sock+0x135/0x390
tcp_fin+0x416/0x5c0 tcp_data_queue+0x1bc8/0x4310 tcp_rcv_state_process+0x15a3/0x47b0
tcp_v4_do_rcv+0x2c1/0x990 tcp_v4_rcv+0x41fb/0x5ed0 ip_protocol_deliver_rcu+0x6d/0x9f0
ip_local_deliver_finish+0x278/0x360 ip_local_deliver+0x182/0x2c0 ip_rcv+0xb5/0x1c0
__netif_receive_skb_one_core+0x16e/0x1b0 process_backlog+0x1e3/0x650 __napi_poll+0xa6/0x500
net_rx_action+0x740/0xbb0 __do_softirq+0x183/0x5a4 The buggy address belongs to the object at
ffff888485950880 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes
inside of 64-byte region [ffff888485950880, ffff8884859508c0) The buggy address belongs to the physical
page: page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700
pfn:0x485950 flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw:
0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006 raw: ffff888485950700 0000000000200019
00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the
buggy address: ffff888485950780: fa fb fb ---truncated--- (CVE-2024-26782)
- In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API
overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API:
mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1
PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm:
kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)
Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350
__dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0
mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190
__mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100
mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec
mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180
mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg
are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is
called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path.
(CVE-2024-26787)
- In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after
reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may
have been pending from a primary kernel don't get processed by the irq handler before it is ready to and
cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8
__handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78
handle_fasteoi_irq+0xc8/0x178 generic_handle_irq+0x24/0x38 __handle_domain_irq+0x90/0x100
gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798
request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/0xe8 fsl_qdma_probe+0x4d4/0xca8
platform_drv_probe+0x50/0xa0 really_probe+0xe0/0x3f8 driver_probe_device+0x64/0x130
device_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98
driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110
__platform_driver_register+0x44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258
kernel_init_freeable+0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18 (CVE-2024-26788)
- In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-
bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and
will fall back to the plain NEON version for tail blocks or inputs that are shorter than 128 bytes to
begin with. It will call straight into the plain NEON asm helper, which performs all memory accesses in
granules of 16 bytes (the size of a NEON register). For this reason, the associated plain NEON glue code
will copy inputs shorter than 16 bytes into a temporary buffer, given that this is a rare occurrence and
it is not worth the effort to work around this in the asm code. The fallback from the bit-sliced NEON
version fails to take this into account, potentially resulting in out-of-bounds accesses. So clone the
same workaround, and use a temp buffer for short in/outputs. (CVE-2024-26789)
- In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC may hang
on 16 byte unaligned read There is chip (ls1028a) errata: The SoC may hang on 16 byte unaligned read
transactions by QDMA. Unaligned read transactions initiated by QDMA may stall in the NOC (Network On-
Chip), causing a deadlock condition. Stalled transactions will trigger completion timeouts in PCIe
controller. Workaround: Enable prefetch by setting the source descriptor prefetchable bit ( SD[PF] = 1 ).
Implement this workaround. (CVE-2024-26790)
- In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate
device names There's a syzbot report that device name buffers passed to device replace are not properly
checked for string termination which could lead to a read out of bounds in getname_kernel(). Add a helper
that validates both source and target device name buffers. For devid as the source initialize the buffer
to empty string in case something tries to read it later. This was originally analyzed and fixed in a
different way by Edward Adam Davis (see links). (CVE-2024-26791)
- In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous
device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous
device in case there's an error committing the transaction. The second free may result in freeing an
anonymous device number that was allocated by some other subsystem in the kernel or another btrfs
filesystem. The steps that lead to this: 1) At ioctl.c:create_snapshot() we allocate an anonymous device
number and assign it to pending_snapshot->anon_dev; 2) Then we call btrfs_commit_transaction() and end up
at transaction.c:create_pending_snapshot(); 3) There we call btrfs_get_new_fs_root() and pass it the
anonymous device number stored in pending_snapshot->anon_dev; 4) btrfs_get_new_fs_root() frees that
anonymous device number because btrfs_lookup_fs_root() returned a root - someone else did a lookup of the
new root already, which could some task doing backref walking; 5) After that some error happens in the
transaction commit path, and at ioctl.c:create_snapshot() we jump to the 'fail' label, and after that we
free again the same anonymous device number, which in the meanwhile may have been reallocated somewhere
else, because pending_snapshot->anon_dev still has the same value as in step 1. Recently syzbot ran into
this and reported the following trace: ------------[ cut here ]------------ ida_free called for id=51
which is not allocated. WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525
Modules linked in: CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted
6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0 Hardware name: Google Google Compute Engine/Google Compute
Engine, BIOS Google 01/25/2024 RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525 Code: 10 42 80 3c 28 (...)
RSP: 0018:ffffc90015a67300 EFLAGS: 00010246 RAX: be5130472f5dd000 RBX: 0000000000000033 RCX:
0000000000040000 RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000 RBP: ffffc90015a673f0
R08: ffffffff81577992 R09: 1ffff92002b4cdb4 R10: dffffc0000000000 R11: fffff52002b4cdb5 R12:
0000000000000246 R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246 FS:
00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0 Call Trace: <TASK>
btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346 create_pending_snapshot+0xff2/0x2bc0
fs/btrfs/transaction.c:1837 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931
btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404 create_snapshot+0x507/0x880
fs/btrfs/ioctl.c:848 btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998 btrfs_mksnapshot+0xb5/0xf0
fs/btrfs/ioctl.c:1044 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306
btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393 btrfs_ioctl+0xa74/0xd40 vfs_ioctl
fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857
do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7fca3e67dda9 Code: 28 00 00
00 (...) RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX:
00007fca3e7abf80 RCX: 00007fca3e67dda9 RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003
RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11:
0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658
</TASK> Where we get an explicit message where we attempt to free an anonymous device number that is not
currently allocated. It happens in a different code path from the example below, at btrfs_get_root_ref(),
so this change may not fix the case triggered by sy ---truncated--- (CVE-2024-26792)
- In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-
deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be registered after
registering the gtp_net_ops pernet operations structure. Syzkaller hit 'general protection fault in
gtp_genl_dump_pdp' bug: [ 1010.702740] gtp: GTP module unloaded [ 1010.715877] general protection fault,
probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 1010.715888] KASAN:
null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 1010.715895] CPU: 1 PID: 128616 Comm:
a.out Not tainted 6.8.0-rc6-std-def-alt1 #1 [ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9,
2009), BIOS 1.16.0-alt1 04/01/2014 [ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.715915]
Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00
00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00 [
1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203 [ 1010.715929] RAX: dffffc0000000000 RBX:
ffff88800399c000 RCX: 0000000000000000 [ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI:
0000000000000282 [ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000 [
1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80 [ 1010.715947] R13:
0000000000000000 R14: 0000000000000000 R15: 0000000000000400 [ 1010.715953] FS: 00007fd1509ab5c0(0000)
GS:ffff88805b300000(0000) knlGS:0000000000000000 [ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033 [ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0 [
1010.715968] PKRU: 55555554 [ 1010.715972] Call Trace: [ 1010.715985] ? __die_body.cold+0x1a/0x1f [
1010.715995] ? die_addr+0x43/0x70 [ 1010.716002] ? exc_general_protection+0x199/0x2f0 [ 1010.716016] ?
asm_exc_general_protection+0x1e/0x30 [ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.716034] ?
gtp_net_exit+0x150/0x150 [gtp] [ 1010.716042] __rtnl_newlink+0x1063/0x1700 [ 1010.716051] ?
rtnl_setlink+0x3c0/0x3c0 [ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0 [ 1010.716070] ?
kernel_text_address.part.0+0xbb/0xd0 [ 1010.716076] ? __kernel_text_address+0x56/0xa0 [ 1010.716084] ?
unwind_get_return_address+0x5a/0xa0 [ 1010.716091] ? create_prof_cpu_mask+0x30/0x30 [ 1010.716098] ?
arch_stack_walk+0x9e/0xf0 [ 1010.716106] ? stack_trace_save+0x91/0xd0 [ 1010.716113] ?
stack_trace_consume_entry+0x170/0x170 [ 1010.716121] ? __lock_acquire+0x15c5/0x5380 [ 1010.716139] ?
mark_held_locks+0x9e/0xe0 [ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0 [ 1010.716155] ?
__rtnl_newlink+0x1700/0x1700 [ 1010.716160] rtnl_newlink+0x69/0xa0 [ 1010.716166]
rtnetlink_rcv_msg+0x43b/0xc50 [ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716179] ?
lock_acquire+0x1fe/0x560 [ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50 [ 1010.716196]
netlink_rcv_skb+0x14d/0x440 [ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716208] ?
netlink_ack+0xab0/0xab0 [ 1010.716213] ? netlink_deliver_tap+0x202/0xd50 [ 1010.716220] ?
netlink_deliver_tap+0x218/0xd50 [ 1010.716226] ? __virt_addr_valid+0x30b/0x590 [ 1010.716233]
netlink_unicast+0x54b/0x800 [ 1010.716240] ? netlink_attachskb+0x870/0x870 [ 1010.716248] ?
__check_object_size+0x2de/0x3b0 [ 1010.716254] netlink_sendmsg+0x938/0xe40 [ 1010.716261] ?
netlink_unicast+0x800/0x800 [ 1010.716269] ? __import_iovec+0x292/0x510 [ 1010.716276] ?
netlink_unicast+0x800/0x800 [ 1010.716284] __sock_sendmsg+0x159/0x190 [ 1010.716290]
____sys_sendmsg+0x712/0x880 [ 1010.716297] ? sock_write_iter+0x3d0/0x3d0 [ 1010.716304] ?
__ia32_sys_recvmmsg+0x270/0x270 [ 1010.716309] ? lock_acquire+0x1fe/0x560 [ 1010.716315] ?
drain_array_locked+0x90/0x90 [ 1010.716324] ___sys_sendmsg+0xf8/0x170 [ 1010.716331] ?
sendmsg_copy_msghdr+0x170/0x170 [ 1010.716337] ? lockdep_init_map ---truncated--- (CVE-2024-26793)
- In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-
bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical
memory in order to ensure that vmemmap's bounds will be respected during pfn_to_page()/page_to_pfn()
operations. The conversion macros will produce correct SV39/48/57 addresses for every possible/valid
DRAM_BASE inside the physical memory limits. v2:Address Alex's comments (CVE-2024-26795)
- In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font
data in fbcon_do_set_font() Commit a5a923038d70 (fbdev: fbcon: Properly revert changes when vc_resize()
failed) started restoring old font data upon failure (of vc_resize()). But it performs so only for user
fonts. It means that the system/internal fonts are not restored at all. So in result, the very first
call to fbcon_do_set_font() performs no restore at all upon failing vc_resize(). This can be reproduced by
Syzkaller to crash the system on the next invocation of font_get(). It's rather hard to hit the allocation
failure in vc_resize() on the first font_set(), but not impossible. Esp. if fault injection is used to aid
the execution/failure. It was demonstrated by Sirius: BUG: unable to handle page fault for address:
fffffffffffffff8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD
cb7b067 P4D cb7b067 PUD cb7d067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8007 Comm: poc Not
tainted 6.7.0-g9d1694dc91ce #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1
04/01/2014 RIP: 0010:fbcon_get_font+0x229/0x800 drivers/video/fbdev/core/fbcon.c:2286 Call Trace: <TASK>
con_font_get drivers/tty/vt/vt.c:4558 [inline] con_font_op+0x1fc/0xf20 drivers/tty/vt/vt.c:4673 vt_k_ioctl
drivers/tty/vt/vt_ioctl.c:474 [inline] vt_ioctl+0x632/0x2ec0 drivers/tty/vt/vt_ioctl.c:752
tty_ioctl+0x6f8/0x1570 drivers/tty/tty_io.c:2803 vfs_ioctl fs/ioctl.c:51 [inline] ... So restore the font
data in any case, not only for user fonts. Note the later 'if' is now protected by 'old_userfont' and not
'old_data' as the latter is always set now. (And it is supposed to be non-NULL. Otherwise we would see the
bug above again.) (CVE-2024-26798)
- In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed
backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY,
tls_do_decryption will wait until all async decryptions have completed. If one of them fails,
tls_do_decryption will return -EBADMSG and tls_decrypt_sg jumps to the error path, releasing all the
pages. But the pages have been passed to the async callback, and have already been released by
tls_decrypt_done. The only true async case is when crypto_aead_decrypt returns -EINPROGRESS. With -EBUSY,
we already waited so we can tell tls_sw_recvmsg that the data is available for immediate copy, but we need
to notify tls_decrypt_sg (via the new ->async_done flag) that the memory has already been released.
(CVE-2024-26800)
- In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-
free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is
not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in
hci_error_reset. Here's the call trace observed on a ChromeOS device with Intel AX201:
queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31
__hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>]
process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ?
kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while
processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash. (CVE-2024-26801)
- In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying
workqueue Currently when suspending driver and stopping workqueue it is checked whether workqueue is not
NULL and if so, it is destroyed. Function destroy_workqueue() does drain queue and does clear variable,
but it does not set workqueue variable to NULL. This can cause kernel/module panic if code attempts to
clear workqueue that was not initialized. This scenario is possible when resuming suspended driver in
stmmac_resume(), because there is no handling for failed stmmac_hw_setup(), which can fail and return if
DMA engine has failed to initialize, and workqueue is initialized after DMA engine. Should DMA engine fail
to initialize, resume will proceed normally, but interface won't work and TX queue will eventually
timeout, causing 'Reset adapter' error. This then does destroy workqueue during reset process. And since
workqueue is initialized after DMA engine and can be skipped, it will cause kernel/module panic. To secure
against this possible crash, set workqueue variable to NULL when destroying workqueue. Log/backtrace from
crash goes as follows: [88.031977]------------[ cut here ]------------ [88.031985]NETDEV WATCHDOG: eth0
(sxgmac): transmit queue 1 timed out [88.032017]WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:477
dev_watchdog+0x390/0x398 <Skipping backtrace for watchdog timeout> [88.032251]---[ end trace
e70de432e4d5c2c0 ]--- [88.032282]sxgmac 16d88000.ethernet eth0: Reset adapter. [88.036359]------------[
cut here ]------------ [88.036519]Call trace: [88.036523] flush_workqueue+0x3e4/0x430 [88.036528]
drain_workqueue+0xc4/0x160 [88.036533] destroy_workqueue+0x40/0x270 [88.036537]
stmmac_fpe_stop_wq+0x4c/0x70 [88.036541] stmmac_release+0x278/0x280 [88.036546]
__dev_close_many+0xcc/0x158 [88.036551] dev_close_many+0xbc/0x190 [88.036555] dev_close.part.0+0x70/0xc0
[88.036560] dev_close+0x24/0x30 [88.036564] stmmac_service_task+0x110/0x140 [88.036569]
process_one_work+0x1d8/0x4a0 [88.036573] worker_thread+0x54/0x408 [88.036578] kthread+0x164/0x170
[88.036583] ret_from_fork+0x10/0x20 [88.036588]---[ end trace e70de432e4d5c2c1 ]--- [88.036597]Unable to
handle kernel NULL pointer dereference at virtual address 0000000000000004 (CVE-2024-26802)
- In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP
even when down veth sets NETIF_F_GRO automatically when XDP is enabled, because both features use the same
NAPI machinery. The logic to clear NETIF_F_GRO sits in veth_disable_xdp() which is called both on ndo_stop
and when XDP is turned off. To avoid the flag from being cleared when the device is brought down, the
clearing is skipped when IFF_UP is not set. Bringing the device down should indeed not modify its
features. Unfortunately, this means that clearing is also skipped when XDP is disabled _while_ the device
is down. And there's nothing on the open path to bring the device features back into sync. IOW if user
enables XDP, disables it and then brings the device up we'll end up with a stray GRO flag set but no NAPI
instances. We don't depend on the GRO flag on the datapath, so the datapath won't crash. We will crash (or
hang), however, next time features are sync'ed (either by user via ethtool or peer changing its config).
The GRO flag will go away, and veth will try to disable the NAPIs. But the open path never created them
since XDP was off, the GRO flag was a stray. If NAPI was initialized before we'll hang in napi_disable().
If it never was we'll crash trying to stop uninitialized hrtimer. Move the GRO flag updates to the XDP
enable / disable paths, instead of mixing them with the ndo_open / ndo_close paths. (CVE-2024-26803)
- In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual
headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in
__skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by
task syz-executor183/5191 [..] kasan_report+0xda/0x110 mm/kasan/report.c:588
__skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 skb_flow_dissect_flow_keys
include/linux/skbuff.h:1514 [inline] ___skb_get_hash net/core/flow_dissector.c:1791 [inline]
__skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856 skb_get_hash include/linux/skbuff.h:1556 [inline]
ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748 ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308
__netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit
include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x42c/0x5d0
net/core/neighbour.c:1592 ... ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235
ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 .. iptunnel_xmit+0x5b4/0x9b0
net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831 ipgre_xmit+0x4a1/0x980
net/ipv4/ip_gre.c:665 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit
include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 ... The splat occurs because skb->data points past
skb->head allocated area. This is because neigh layer does: __skb_pull(skb, skb_network_offset(skb)); ...
but skb_network_offset() returns a negative offset and __skb_pull() arg is unsigned. IOW, we skb->data
gets adjusted by a huge value. The negative value is returned because skb->head and skb->data distance
is more than 64k and skb->network_header (u16) has wrapped around. The bug is in the ip_tunnel
infrastructure, which can cause dev->needed_headroom to increment ad infinitum. The syzkaller reproducer
consists of packets getting routed via a gre tunnel, and route of gre encapsulated packets pointing at
another (ipip) tunnel. The ipip encapsulation finds gre0 as next output device. This results in the
following pattern: 1). First packet is to be sent out via gre0. Route lookup found an output device,
ipip0. 2). ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future output device,
rt.dev->needed_headroom (ipip0). 3). ip output / start_xmit moves skb on to ipip0. which runs the same
code path again (xmit recursion). 4). Routing step for the post-gre0-encap packet finds gre0 as output
device to use for ipip0 encapsulated packet. tunl0->needed_headroom is then incremented based on the
(already bumped) gre0 device headroom. This repeats for every future packet: gre0->needed_headroom gets
inflated because previous packets' ipip0 step incremented rt->dev (gre0) headroom, and ipip0 incremented
because gre0 needed_headroom was increased. For each subsequent packet, gre/ipip0->needed_headroom grows
until post-expand-head reallocations result in a skb->head/data distance of more than 64k. Once that
happens, skb->network_header (u16) wraps around when pskb_expand_head tries to make sure that
skb_network_offset() is unchanged after the headroom expansion/reallocation. After this
skb_network_offset(skb) returns a different (and negative) result post headroom expansion. The next trip
to neigh layer (or anything else that would __skb_pull the network header) makes skb->data point to a
memory location outside skb->head area. v2: Cap the needed_headroom update to an arbitarily chosen
upperlimit to prevent perpetual increase instead of dropping the headroom increment completely.
(CVE-2024-26804)
- In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-
free in __skb_datagram_iter syzbot reported the following uninit-value access issue [1]:
netlink_to_full_skb() creates a new `skb` and puts the `skb->data` passed as a 1st arg of
netlink_to_full_skb() onto new `skb`. The data size is specified as `len` and passed to skb_put_data().
This `len` is based on `skb->end` that is not data offset but buffer offset. The `skb->end` contains data
and tailroom. Since the tailroom is not initialized when the new `skb` created, KMSAN detects
uninitialized memory area when copying the data. This patch resolved this issue by correct the len from
`skb->end` to `skb->len`, which is the actual data offset. BUG: KMSAN: kernel-infoleak-after-free in
instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak-after-free
in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf
include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2
include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance
include/linux/iov_iter.h:271 [inline] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520
lib/iov_iter.c:186 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter
lib/iov_iter.c:24 [inline] iterate_ubuf include/linux/iov_iter.h:29 [inline] iterate_and_advance2
include/linux/iov_iter.h:245 [inline] iterate_and_advance include/linux/iov_iter.h:271 [inline]
_copy_to_iter+0x364/0x2520 lib/iov_iter.c:186 copy_to_iter include/linux/uio.h:197 [inline]
simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532 __skb_datagram_iter+0x123/0xdc0
net/core/datagram.c:420 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546 skb_copy_datagram_msg
include/linux/skbuff.h:3960 [inline] packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482
sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg net/socket.c:1066 [inline]
sock_read_iter+0x467/0x580 net/socket.c:1136 call_read_iter include/linux/fs.h:2014 [inline] new_sync_read
fs/read_write.c:389 [inline] vfs_read+0x8f6/0xe00 fs/read_write.c:470 ksys_read+0x20f/0x4c0
fs/read_write.c:613 __do_sys_read fs/read_write.c:623 [inline] __se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x93/0xd0 fs/read_write.c:621 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was
stored to memory at: skb_put_data include/linux/skbuff.h:2622 [inline] netlink_to_full_skb
net/netlink/af_netlink.c:181 [inline] __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]
__netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325 netlink_deliver_tap
net/netlink/af_netlink.c:338 [inline] netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x10f1/0x1250
net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg
net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674
[inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52
[inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at: free_pages_prepare mm/page_alloc.c:1087 [inline] free_unref_page_prepare+0xb0/0xa40
mm/page_alloc.c:2347 free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533 release_pages+0x23d3/0x2410
mm/swap.c:1042 free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316 tlb_batch_pages ---truncated---
(CVE-2024-26805)
- In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release
elements in clone only from destroy path Clone already always provides a current view of the lookup table,
use it to destroy the set, otherwise it is possible to destroy elements twice. This fix requires:
212ed75dc5fb (netfilter: nf_tables: integrate pipapo into commit protocol) which came after:
9827a0e6e23b (netfilter: nft_set_pipapo: release elements in clone from abort path). (CVE-2024-26809)
- In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking
ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl.
Create wrappers that add locking for paths outside of the core interrupt code. In particular, irq_type is
updated holding igate, therefore testing is_intx() requires holding igate. For example clearing DisINTx
from config space can otherwise race changes of the interrupt configuration. This aligns interfaces which
may trigger the INTx eventfd into two camps, one side serialized by igate and the other only enabled while
INTx is configured. A subsequent patch introduces synchronization for the latter flows. (CVE-2024-26810)
- In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc
response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel
server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or
slab-out-of-bounds. This patch validate 3 ipc response that has payload. (CVE-2024-26811)
- In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx
handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters
the IRQ handler but still allows eventfds to be signaled with a NULL context through the SET_IRQS ioctl or
through unmask irqfd if the device interrupt is pending. Ideally this could be solved with some additional
locking; the igate mutex serializes the ioctl and config space accesses, and the interrupt handler is
unregistered relative to the trigger, but the irqfd path runs asynchronous to those. The igate mutex
cannot be acquired from the atomic context of the eventfd wake function. Disabling the irqfd relative to
the eventfd registration is potentially incompatible with existing userspace. As a result, the solution
implemented here moves configuration of the INTx interrupt handler to track the lifetime of the INTx
context object and irq_type configuration, rather than registration of a particular trigger eventfd.
Synchronization is added between the ioctl path and eventfd_signal() wrapper such that the eventfd trigger
can be dynamically updated relative to in-flight interrupts or irqfd callbacks. (CVE-2024-26812)
- In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ
handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a
signaling eventfd has been configured by the user, which thereby allows a NULL pointer dereference. Rather
than register the IRQ relative to a valid trigger, register all IRQs in a disabled state in the device
open path. This allows mask operations on the IRQ to nest within the overall enable state governed by a
valid eventfd signal. This decouples @masked, protected by the @locked spinlock from @trigger, protected
via the @igate mutex. In doing so, it's guaranteed that changes to @trigger cannot race the IRQ handlers
because the IRQ handler is synchronously disabled before modifying the trigger, and loopback triggering of
the IRQ via ioctl is safe due to serialization with trigger changes via igate. For compatibility,
request_irq() failures are maintained to be local to the SET_IRQS ioctl rather than a fatal error in the
open device path. This allows, for example, a userspace driver with polling mode support to continue to
work regardless of moving the request_irq() call site. This necessarily blocks all SET_IRQS access to the
failed index. (CVE-2024-26813)
- In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt
handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL
and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself is guaranteed
that trigger is always valid between request_irq() and free_irq(), but the loopback testing mechanisms to
invoke the handler function need to test the trigger. The triggering and setting ioctl paths both make use
of igate and are therefore mutually exclusive. The vfio-fsl-mc driver does not make use of irqfds, nor
does it support any sort of masking operations, therefore unlike vfio-pci and vfio-platform, the flow can
remain essentially unchanged. (CVE-2024-26814)
- In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper
TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking
TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc =
nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= TC_QOPT_MAX_QUEUE) { NL_SET_ERR_MSG_MOD(extack, TC
entry index out of range); return -ERANGE; } syzbot reported that it could fed arbitary negative values:
UBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18 shift exponent -2147418108 is negative CPU: 0
PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0 Hardware name:
Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Call Trace: <TASK> __dump_stack
lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue
lib/ubsan.c:217 [inline] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386
taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline] taprio_parse_tc_entries
net/sched/sch_taprio.c:1768 [inline] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877
taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355
tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040
net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel
net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg
net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240
entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f1b2dea3759 Code: 48 83 c4 28 c3 e8 d7 19 00 00 0f
1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0
ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246
ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759 RDX:
0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000555500000000
R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340 R13:
00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340 (CVE-2024-26815)
- In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in
.notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so
that Xen can find the startup_xen entry point. This information is used prior to booting the kernel, so
relocations are not useful. In fact, performing relocations against the .notes section means that the
KASLR base is exposed since /sys/kernel/notes is world-readable. To avoid leaking the KASLR base without
breaking unprivileged tools that are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to those found in System.map.
(CVE-2024-26816)
- In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of
exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie. devices without
DisINTx support, the IRQ is enabled in request_irq() and subsequently disabled as necessary to align with
the masked status flag. This presents a window where the interrupt could fire between these events,
resulting in the IRQ incrementing the disable depth twice. This would be unrecoverable for a user since
the masked flag prevents nested enables through vfio. Instead, invert the logic using IRQF_NO_AUTOEN such
that exclusive INTx is never auto-enabled, then unmask as required. (CVE-2024-27437)
- This CVE was assigned by Intel. Please see CVE-2024-2201 on CVE.org for more information. (CVE-2024-2201)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/linux");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-2176");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-28746");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-47233");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52429");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52434");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52435");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52583");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52584");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52587");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52588");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52589");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52593");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52594");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52595");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52597");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52598");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52599");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52600");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52601");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52602");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52603");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52604");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52606");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52607");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52616");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52617");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52618");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52619");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52620");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52621");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52622");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52623");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52630");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52631");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52632");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52633");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52635");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52637");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52638");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52639");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52640");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-52641");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-6270");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-7042");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-0340");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-0841");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-1151");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-2201");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-22099");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-23850");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-23851");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-24857");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-24858");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26581");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26582");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26583");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26584");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26585");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26586");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26590");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26593");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26600");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26601");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26602");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26603");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26606");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26621");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26622");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26625");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26626");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26627");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26629");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26639");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26640");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26641");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26642");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26643");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26651");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26654");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26659");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26660");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26663");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26664");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26665");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26667");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26671");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26673");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26675");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26676");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26679");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26680");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26681");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26684");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26685");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26686");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26687");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26688");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26689");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26695");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26696");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26697");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26698");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26700");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26702");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26704");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26706");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26707");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26710");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26712");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26714");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26715");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26717");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26718");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26720");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26722");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26723");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26726");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26727");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26731");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26733");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26735");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26736");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26737");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26741");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26742");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26743");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26744");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26745");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26747");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26748");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26749");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26750");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26751");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26752");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26753");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26754");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26759");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26760");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26761");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26763");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26764");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26765");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26766");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26769");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26771");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26772");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26773");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26774");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26775");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26776");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26777");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26778");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26779");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26780");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26781");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26782");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26787");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26788");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26789");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26790");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26791");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26792");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26793");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26795");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26798");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26800");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26801");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26802");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26803");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26804");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26805");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26809");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26810");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26811");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26812");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26813");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26814");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26815");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-26816");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-27437");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/linux");
script_set_attribute(attribute:"solution", value:
"Upgrade the affs-modules-6.1.0-11-4kc-malta-di packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-52434");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/20");
script_set_attribute(attribute:"patch_publication_date", value:"2024/04/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ata-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:btrfs-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cdrom-core-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crc-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-dm-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:crypto-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dasd-extra-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dasd-extra-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dasd-extra-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dasd-extra-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dasd-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dasd-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dasd-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dasd-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:efi-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:efi-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:efi-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:efi-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:event-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ext4-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:f2fs-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fancontrol-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fancontrol-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fancontrol-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fancontrol-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fat-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fb-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firewire-core-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:hyperv-daemons");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:hypervisor-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:hypervisor-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:hypervisor-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:hypervisor-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:i2c-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:i2c-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:i2c-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:i2c-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:i2c-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:i2c-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:i2c-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:i2c-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:input-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ipv6-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ipv6-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ipv6-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:isofs-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jffs2-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jffs2-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jffs2-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jfs-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-image-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:leds-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:leds-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:leds-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:leds-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:leds-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:leds-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:leds-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcpupower-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcpupower1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-12-arm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-12-s390");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-12-x86");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-config-6.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-cpupower");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-6.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-5kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-4kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-5kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-cloud-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-cloud-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-common-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-loongson-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-marvell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-mips32r2el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-mips64r2el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-octeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-powerpc64le");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-rpi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-rt-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-6.1.0-11-s390x");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-loongson-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-marvell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-mips32r2el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-mips64r2el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-octeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-powerpc64le");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-rpi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-s390x");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-4kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-4kc-malta-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-5kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-5kc-malta-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-686-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-armmp-lpae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-cloud-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-cloud-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-loongson-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-loongson-3-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-marvell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-marvell-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-mips32r2el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-mips32r2el-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-mips64r2el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-mips64r2el-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-octeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-octeon-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-powerpc64le");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-powerpc64le-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-rpi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-rpi-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-rt-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-rt-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-rt-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-rt-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-s390x");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-6.1.0-11-s390x-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-686-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-cloud-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-cloud-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-loongson-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-loongson-3-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-marvell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-marvell-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-mips32r2el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-mips32r2el-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-mips64r2el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-mips64r2el-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-octeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-octeon-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-rpi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-rpi-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-rt-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-rt-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-rt-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-s390x");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-s390x-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-6.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-libc-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-6.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-6.1.0-11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:md-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:minix-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-core-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mmc-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mouse-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-core-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mtd-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multipath-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nbd-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nfs-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-shared-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-usb-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nic-wireless-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pata-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ppp-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rtla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sata-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-core-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:scsi-nic-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:serial-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:serial-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:serial-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:serial-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sound-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:speakup-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:squashfs-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udf-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uinput-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-serial-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-12-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-armmp-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-marvell-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usb-storage-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usbip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-11-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-11-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-12-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-12-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-17-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-17-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-17-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-17-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-17-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-17-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-17-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-17-s390x-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-20-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-20-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-20-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-20-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-20-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-20-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-20-powerpc64le-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs-modules-6.1.0-20-s390x-di");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-11-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-11-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-11-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-11-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-11-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-11-octeon-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-12-4kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-12-5kc-malta-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-12-loongson-3-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-12-mips32r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-12-mips64r2el-di");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-12-octeon-di");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'affs-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ata-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'bpftool', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'btrfs-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'cdrom-core-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crc-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-dm-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'crypto-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'dasd-extra-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'dasd-extra-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'dasd-extra-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'dasd-extra-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'dasd-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'dasd-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'dasd-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'dasd-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'efi-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'efi-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'efi-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'efi-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'event-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ext4-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'f2fs-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fancontrol-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fancontrol-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fancontrol-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fancontrol-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fat-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fb-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'firewire-core-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'fuse-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'hyperv-daemons', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'hypervisor-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'hypervisor-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'hypervisor-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'hypervisor-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'i2c-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'i2c-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'i2c-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'i2c-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'i2c-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'i2c-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'i2c-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'i2c-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'input-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ipv6-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ipv6-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ipv6-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'isofs-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jffs2-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jffs2-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jffs2-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'jfs-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'kernel-image-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'leds-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'leds-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'leds-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'leds-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'leds-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'leds-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'leds-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'libcpupower-dev', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'libcpupower1', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-compiler-gcc-12-arm', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-compiler-gcc-12-s390', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-compiler-gcc-12-x86', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-config-6.1', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-cpupower', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-doc', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-doc-6.1', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-4kc-malta', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-5kc-malta', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-4kc-malta', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-5kc-malta', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-686', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-686-pae', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-amd64', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-arm64', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-armmp', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-armmp-lpae', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-cloud-amd64', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-cloud-arm64', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-common', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-common-rt', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-loongson-3', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-marvell', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-mips32r2el', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-mips64r2el', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-octeon', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-powerpc64le', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-rpi', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-rt-686-pae', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-rt-amd64', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-rt-arm64', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-rt-armmp', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-6.1.0-11-s390x', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-armmp', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-armmp-lpae', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-loongson-3', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-marvell', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-mips32r2el', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-mips64r2el', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-octeon', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-powerpc64le', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-rpi', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-rt-armmp', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-headers-s390x', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-4kc-malta', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-4kc-malta-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-5kc-malta', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-5kc-malta-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-4kc-malta', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-4kc-malta-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-5kc-malta', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-5kc-malta-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-686-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-686-pae-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-amd64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-arm64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-armmp', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-armmp-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-armmp-lpae', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-armmp-lpae-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-cloud-amd64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-cloud-arm64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-loongson-3', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-loongson-3-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-marvell', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-marvell-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-mips32r2el', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-mips32r2el-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-mips64r2el', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-mips64r2el-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-octeon', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-octeon-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-powerpc64le', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-powerpc64le-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-rpi', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-rpi-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-rt-686-pae-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-rt-amd64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-rt-arm64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-rt-armmp', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-rt-armmp-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-s390x', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-6.1.0-11-s390x-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-686-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-686-pae-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-amd64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-amd64-signed-template', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-arm64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-arm64-signed-template', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-armmp', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-armmp-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-armmp-lpae', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-armmp-lpae-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-cloud-amd64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-cloud-arm64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-i386-signed-template', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-loongson-3', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-loongson-3-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-marvell', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-marvell-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-mips32r2el', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-mips32r2el-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-mips64r2el', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-mips64r2el-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-octeon', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-octeon-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-powerpc64le', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-powerpc64le-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-rpi', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-rpi-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-rt-686-pae-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-rt-amd64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-rt-arm64-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-rt-armmp', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-rt-armmp-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-s390x', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-image-s390x-dbg', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-kbuild-6.1', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-libc-dev', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-perf', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-source', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-source-6.1', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'linux-support-6.1.0-11', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'loop-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'md-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'minix-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-core-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mmc-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mouse-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-core-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'mtd-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'multipath-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nbd-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nfs-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-shared-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-usb-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'nic-wireless-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'pata-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'ppp-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'rtla', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sata-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-core-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'scsi-nic-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'serial-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'serial-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'serial-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'serial-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'sound-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'speakup-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'squashfs-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'udf-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'uinput-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-serial-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-12-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-armmp-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-marvell-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usb-storage-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'usbip', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-11-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-11-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-11-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-11-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-11-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-11-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-11-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-11-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-12-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-12-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-12-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-12-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-12-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-12-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-12-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-12-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-17-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-17-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-17-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-17-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-17-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-17-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-17-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-17-s390x-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-20-4kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-20-5kc-malta-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-20-loongson-3-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-20-mips32r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-20-mips64r2el-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-20-octeon-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-20-powerpc64le-di', 'reference': '6.1.85-1'},
{'release': '12.0', 'prefix': 'xfs-modules-6.1.0-20-s390x-di', 'reference': '6.1.85-1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'affs-modules-6.1.0-11-4kc-malta-di / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | affs-modules-6.1.0-17-4kc-malta-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-4kc-malta-di |
debian | debian_linux | affs-modules-6.1.0-17-5kc-malta-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-5kc-malta-di |
debian | debian_linux | affs-modules-6.1.0-17-loongson-3-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-loongson-3-di |
debian | debian_linux | affs-modules-6.1.0-17-mips32r2el-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-mips32r2el-di |
debian | debian_linux | affs-modules-6.1.0-17-mips64r2el-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-mips64r2el-di |
debian | debian_linux | affs-modules-6.1.0-17-octeon-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-17-octeon-di |
debian | debian_linux | affs-modules-6.1.0-20-4kc-malta-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-4kc-malta-di |
debian | debian_linux | affs-modules-6.1.0-20-5kc-malta-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-5kc-malta-di |
debian | debian_linux | affs-modules-6.1.0-20-loongson-3-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-loongson-3-di |
debian | debian_linux | affs-modules-6.1.0-20-mips32r2el-di | p-cpe:/a:debian:debian_linux:affs-modules-6.1.0-20-mips32r2el-di |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52593
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52595
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52601
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52602
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52603
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52604
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52618
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52620
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52630
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52633
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52637
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1151
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23850
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23851
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24858
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26582
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26593
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26601
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26602
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26603
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26622
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26626
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26629
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26676
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26680
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26681
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26684
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26685
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26706
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26712
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26714
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26715
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26717
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26718
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26727
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26731
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26736
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26743
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26747
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26765
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26779
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26780
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26782
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26787
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26809
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27437
packages.debian.org/source/bookworm/linux
security-tracker.debian.org/tracker/CVE-2023-2176
security-tracker.debian.org/tracker/CVE-2023-28746
security-tracker.debian.org/tracker/CVE-2023-47233
security-tracker.debian.org/tracker/CVE-2023-52429
security-tracker.debian.org/tracker/CVE-2023-52434
security-tracker.debian.org/tracker/CVE-2023-52435
security-tracker.debian.org/tracker/CVE-2023-52583
security-tracker.debian.org/tracker/CVE-2023-52584
security-tracker.debian.org/tracker/CVE-2023-52587
security-tracker.debian.org/tracker/CVE-2023-52588
security-tracker.debian.org/tracker/CVE-2023-52589
security-tracker.debian.org/tracker/CVE-2023-52593
security-tracker.debian.org/tracker/CVE-2023-52594
security-tracker.debian.org/tracker/CVE-2023-52595
security-tracker.debian.org/tracker/CVE-2023-52597
security-tracker.debian.org/tracker/CVE-2023-52598
security-tracker.debian.org/tracker/CVE-2023-52599
security-tracker.debian.org/tracker/CVE-2023-52600
security-tracker.debian.org/tracker/CVE-2023-52601
security-tracker.debian.org/tracker/CVE-2023-52602
security-tracker.debian.org/tracker/CVE-2023-52603
security-tracker.debian.org/tracker/CVE-2023-52604
security-tracker.debian.org/tracker/CVE-2023-52606
security-tracker.debian.org/tracker/CVE-2023-52607
security-tracker.debian.org/tracker/CVE-2023-52616
security-tracker.debian.org/tracker/CVE-2023-52617
security-tracker.debian.org/tracker/CVE-2023-52618
security-tracker.debian.org/tracker/CVE-2023-52619
security-tracker.debian.org/tracker/CVE-2023-52620
security-tracker.debian.org/tracker/CVE-2023-52621
security-tracker.debian.org/tracker/CVE-2023-52622
security-tracker.debian.org/tracker/CVE-2023-52623
security-tracker.debian.org/tracker/CVE-2023-52630
security-tracker.debian.org/tracker/CVE-2023-52631
security-tracker.debian.org/tracker/CVE-2023-52632
security-tracker.debian.org/tracker/CVE-2023-52633
security-tracker.debian.org/tracker/CVE-2023-52635
security-tracker.debian.org/tracker/CVE-2023-52637
security-tracker.debian.org/tracker/CVE-2023-52638
security-tracker.debian.org/tracker/CVE-2023-52639
security-tracker.debian.org/tracker/CVE-2023-52640
security-tracker.debian.org/tracker/CVE-2023-52641
security-tracker.debian.org/tracker/CVE-2023-6270
security-tracker.debian.org/tracker/CVE-2023-7042
security-tracker.debian.org/tracker/CVE-2024-0340
security-tracker.debian.org/tracker/CVE-2024-0841
security-tracker.debian.org/tracker/CVE-2024-1151
security-tracker.debian.org/tracker/CVE-2024-2201
security-tracker.debian.org/tracker/CVE-2024-22099
security-tracker.debian.org/tracker/CVE-2024-23850
security-tracker.debian.org/tracker/CVE-2024-23851
security-tracker.debian.org/tracker/CVE-2024-24857
security-tracker.debian.org/tracker/CVE-2024-24858
security-tracker.debian.org/tracker/CVE-2024-26581
security-tracker.debian.org/tracker/CVE-2024-26582
security-tracker.debian.org/tracker/CVE-2024-26583
security-tracker.debian.org/tracker/CVE-2024-26584
security-tracker.debian.org/tracker/CVE-2024-26585
security-tracker.debian.org/tracker/CVE-2024-26586
security-tracker.debian.org/tracker/CVE-2024-26590
security-tracker.debian.org/tracker/CVE-2024-26593
security-tracker.debian.org/tracker/CVE-2024-26600
security-tracker.debian.org/tracker/CVE-2024-26601
security-tracker.debian.org/tracker/CVE-2024-26602
security-tracker.debian.org/tracker/CVE-2024-26603
security-tracker.debian.org/tracker/CVE-2024-26606
security-tracker.debian.org/tracker/CVE-2024-26621
security-tracker.debian.org/tracker/CVE-2024-26622
security-tracker.debian.org/tracker/CVE-2024-26625
security-tracker.debian.org/tracker/CVE-2024-26626
security-tracker.debian.org/tracker/CVE-2024-26627
security-tracker.debian.org/tracker/CVE-2024-26629
security-tracker.debian.org/tracker/CVE-2024-26639
security-tracker.debian.org/tracker/CVE-2024-26640
security-tracker.debian.org/tracker/CVE-2024-26641
security-tracker.debian.org/tracker/CVE-2024-26642
security-tracker.debian.org/tracker/CVE-2024-26643
security-tracker.debian.org/tracker/CVE-2024-26651
security-tracker.debian.org/tracker/CVE-2024-26654
security-tracker.debian.org/tracker/CVE-2024-26659
security-tracker.debian.org/tracker/CVE-2024-26660
security-tracker.debian.org/tracker/CVE-2024-26663
security-tracker.debian.org/tracker/CVE-2024-26664
security-tracker.debian.org/tracker/CVE-2024-26665
security-tracker.debian.org/tracker/CVE-2024-26667
security-tracker.debian.org/tracker/CVE-2024-26671
security-tracker.debian.org/tracker/CVE-2024-26673
security-tracker.debian.org/tracker/CVE-2024-26675
security-tracker.debian.org/tracker/CVE-2024-26676
security-tracker.debian.org/tracker/CVE-2024-26679
security-tracker.debian.org/tracker/CVE-2024-26680
security-tracker.debian.org/tracker/CVE-2024-26681
security-tracker.debian.org/tracker/CVE-2024-26684
security-tracker.debian.org/tracker/CVE-2024-26685
security-tracker.debian.org/tracker/CVE-2024-26686
security-tracker.debian.org/tracker/CVE-2024-26687
security-tracker.debian.org/tracker/CVE-2024-26688
security-tracker.debian.org/tracker/CVE-2024-26689
security-tracker.debian.org/tracker/CVE-2024-26695
security-tracker.debian.org/tracker/CVE-2024-26696
security-tracker.debian.org/tracker/CVE-2024-26697
security-tracker.debian.org/tracker/CVE-2024-26698
security-tracker.debian.org/tracker/CVE-2024-26700
security-tracker.debian.org/tracker/CVE-2024-26702
security-tracker.debian.org/tracker/CVE-2024-26704
security-tracker.debian.org/tracker/CVE-2024-26706
security-tracker.debian.org/tracker/CVE-2024-26707
security-tracker.debian.org/tracker/CVE-2024-26710
security-tracker.debian.org/tracker/CVE-2024-26712
security-tracker.debian.org/tracker/CVE-2024-26714
security-tracker.debian.org/tracker/CVE-2024-26715
security-tracker.debian.org/tracker/CVE-2024-26717
security-tracker.debian.org/tracker/CVE-2024-26718
security-tracker.debian.org/tracker/CVE-2024-26720
security-tracker.debian.org/tracker/CVE-2024-26722
security-tracker.debian.org/tracker/CVE-2024-26723
security-tracker.debian.org/tracker/CVE-2024-26726
security-tracker.debian.org/tracker/CVE-2024-26727
security-tracker.debian.org/tracker/CVE-2024-26731
security-tracker.debian.org/tracker/CVE-2024-26733
security-tracker.debian.org/tracker/CVE-2024-26735
security-tracker.debian.org/tracker/CVE-2024-26736
security-tracker.debian.org/tracker/CVE-2024-26737
security-tracker.debian.org/tracker/CVE-2024-26741
security-tracker.debian.org/tracker/CVE-2024-26742
security-tracker.debian.org/tracker/CVE-2024-26743
security-tracker.debian.org/tracker/CVE-2024-26744
security-tracker.debian.org/tracker/CVE-2024-26745
security-tracker.debian.org/tracker/CVE-2024-26747
security-tracker.debian.org/tracker/CVE-2024-26748
security-tracker.debian.org/tracker/CVE-2024-26749
security-tracker.debian.org/tracker/CVE-2024-26750
security-tracker.debian.org/tracker/CVE-2024-26751
security-tracker.debian.org/tracker/CVE-2024-26752
security-tracker.debian.org/tracker/CVE-2024-26753
security-tracker.debian.org/tracker/CVE-2024-26754
security-tracker.debian.org/tracker/CVE-2024-26759
security-tracker.debian.org/tracker/CVE-2024-26760
security-tracker.debian.org/tracker/CVE-2024-26761
security-tracker.debian.org/tracker/CVE-2024-26763
security-tracker.debian.org/tracker/CVE-2024-26764
security-tracker.debian.org/tracker/CVE-2024-26765
security-tracker.debian.org/tracker/CVE-2024-26766
security-tracker.debian.org/tracker/CVE-2024-26769
security-tracker.debian.org/tracker/CVE-2024-26771
security-tracker.debian.org/tracker/CVE-2024-26772
security-tracker.debian.org/tracker/CVE-2024-26773
security-tracker.debian.org/tracker/CVE-2024-26774
security-tracker.debian.org/tracker/CVE-2024-26775
security-tracker.debian.org/tracker/CVE-2024-26776
security-tracker.debian.org/tracker/CVE-2024-26777
security-tracker.debian.org/tracker/CVE-2024-26778
security-tracker.debian.org/tracker/CVE-2024-26779
security-tracker.debian.org/tracker/CVE-2024-26780
security-tracker.debian.org/tracker/CVE-2024-26781
security-tracker.debian.org/tracker/CVE-2024-26782
security-tracker.debian.org/tracker/CVE-2024-26787
security-tracker.debian.org/tracker/CVE-2024-26788
security-tracker.debian.org/tracker/CVE-2024-26789
security-tracker.debian.org/tracker/CVE-2024-26790
security-tracker.debian.org/tracker/CVE-2024-26791
security-tracker.debian.org/tracker/CVE-2024-26792
security-tracker.debian.org/tracker/CVE-2024-26793
security-tracker.debian.org/tracker/CVE-2024-26795
security-tracker.debian.org/tracker/CVE-2024-26798
security-tracker.debian.org/tracker/CVE-2024-26800
security-tracker.debian.org/tracker/CVE-2024-26801
security-tracker.debian.org/tracker/CVE-2024-26802
security-tracker.debian.org/tracker/CVE-2024-26803
security-tracker.debian.org/tracker/CVE-2024-26804
security-tracker.debian.org/tracker/CVE-2024-26805
security-tracker.debian.org/tracker/CVE-2024-26809
security-tracker.debian.org/tracker/CVE-2024-26810
security-tracker.debian.org/tracker/CVE-2024-26811
security-tracker.debian.org/tracker/CVE-2024-26812
security-tracker.debian.org/tracker/CVE-2024-26813
security-tracker.debian.org/tracker/CVE-2024-26814
security-tracker.debian.org/tracker/CVE-2024-26815
security-tracker.debian.org/tracker/CVE-2024-26816
security-tracker.debian.org/tracker/CVE-2024-27437
security-tracker.debian.org/tracker/source-package/linux