{"id": "EULEROS_SA-2019-1450.NASL", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)", "description": "According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (i1/4z1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor", "published": "2019-05-14T00:00:00", "modified": "2019-05-14T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/124953", "reporter": "This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?3d6cefe5"], "cvelist": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2017-2583", "CVE-2017-5715", "CVE-2019-7221", "CVE-2019-6974", "CVE-2018-3639", "CVE-2016-3713"], "type": "nessus", "lastseen": "2020-03-19T22:31:11", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:kvm"], "cvelist": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2017-2583", "CVE-2017-5715", "CVE-2019-7221", "CVE-2019-6974", "CVE-2018-3639", "CVE-2016-3713"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "description": "According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-13T06:25:39", "references": [{"idList": ["F5:K29146534", "F5:K11186236", "F5:K81172534", "F5:K91229003", "F5:K08413011"], "type": "f5"}, {"idList": ["SMNTC-104232"], "type": "symantec"}, {"idList": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2019-7221", "CVE-2019-6974", "CVE-2016-3713"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:0203-1"], "type": "suse"}, {"idList": ["CESA-2019:0818"], "type": "centos"}, {"idList": ["ELSA-2019-0818", "ELSA-2019-4612"], "type": "oraclelinux"}, {"idList": ["EDB-ID:46388"], "type": "exploitdb"}, {"idList": ["VZA-2017-004", "VZA-2018-033", "VZA-2019-046", "VZA-2018-034", "VZA-2019-042", "VZA-2018-032", "VZA-2019-045"], "type": "virtuozzo"}, {"idList": ["ALAS-2019-1165"], "type": "amazon"}, {"idList": ["RHSA-2018:1967", "RHSA-2019:0818", "RHSA-2019:0833"], "type": "redhat"}, {"idList": ["KB4284880", "KB4284819", "KB4284860", "KB4467708", "KB4480970", "KB4284867", "KB4480960", "KB4480957", "KB4284826", "KB4467691"], "type": "mskb"}, {"idList": ["VARIANT4_ADVISORY.ASC"], "type": "aix"}, {"idList": ["1337DAY-ID-32199"], "type": "zdt"}, {"idList": ["OPENVAS:1361412562310875458", "OPENVAS:1361412562310883045", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310812678", "OPENVAS:1361412562310810127", "OPENVAS:1361412562310875952", "OPENVAS:1361412562310876300", "OPENVAS:1361412562310875460"], "type": "openvas"}, {"idList": ["ORACLELINUX_ELSA-2019-0818.NASL", "FEDORA_2019-164946AA7F.NASL", "REDHAT-RHSA-2019-0833.NASL", "CENTOS_RHSA-2019-0818.NASL", "ALA_ALAS-2019-1165.NASL", "REDHAT-RHSA-2019-0818.NASL", "AL2_ALAS-2019-1165.NASL", "SL_20190423_KERNEL_ON_SL7_X.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "FEDORA_2019-3DA64F3E61.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-12-13T06:25:39", "value": 7.5, "vector": "NONE"}}, "hash": "050e3cbbad8d57966095997cc9e90bc897d4a7e6073f02508b7e986677634b32", "hashmap": [{"hash": "ca242c4935f99fbfa5e3b1314b36f1a9", "key": "cpe"}, {"hash": "da686e737f501326a1f02a4a137deca6", "key": "sourceData"}, {"hash": "63a5abe4009475ad91d7968a03c76241", "key": "published"}, {"hash": "11426d38796b01509eda4b19dc12a01e", "key": "reporter"}, {"hash": "8a5e9c3430b33a01566e457cc0776216", "key": "cvelist"}, {"hash": "fef26c93da78369ef4fa36a5a1ae3607", "key": "title"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "43f53bd712a56550759b0bb7821d53da", "key": "references"}, {"hash": "2be3803d1c39aa2a24b04fc9254270bb", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2080b5fb4e23a49c522e5b32b0bc5477", "key": "pluginID"}, {"hash": "5a7504dfe859a7ccbaf560628f6442ad", "key": "modified"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "8977b58ab2b29663d6b37e214cc18dcd", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/124953", "id": "EULEROS_SA-2019-1450.NASL", "lastseen": "2019-12-13T06:25:39", "modified": "2019-12-02T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "124953", "published": "2019-05-14T00:00:00", "references": ["http://www.nessus.org/u?3d6cefe5"], "reporter": "This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124953);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/11 12:05:35\");\n\n script_cve_id(\n \"CVE-2016-3713\",\n \"CVE-2016-8630\",\n \"CVE-2017-1000252\",\n \"CVE-2017-17741\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-5715\",\n \"CVE-2017-7518\",\n \"CVE-2018-10853\",\n \"CVE-2018-3639\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.(CVE-2017-5715)\n\n - A flaw was found in the way the Linux KVM module\n processed the trap flag(TF) bit in EFLAGS during\n emulation of the syscall instruction, which leads to a\n debug exception(#DB) being raised in the guest stack. A\n user/process inside a guest could use this flaw to\n potentially escalate their privileges inside the guest.\n Linux guests are not affected by this.(CVE-2017-7518)\n\n - Linux kernel compiled with the KVM virtualization\n (CONFIG_KVM) support is vulnerable to an out-of-bounds\n read access issue. It could occur when emulating vmcall\n instructions invoked by a guest. A guest user/process\n could use this flaw to disclose kernel memory\n bytes.(CVE-2017-17741)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\n - kernel: kvm: guest userspace to guest kernel\n write(CVE-2018-10853)\n\n - In the Linux kernel before 4.20.8,\n kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a use-after-free.(CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has a Use-after-Free.(CVE-2019-7221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6cefe5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.011\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "title": "EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 3, "lastseen": "2019-12-13T06:25:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:kvm"], "cvelist": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2017-2583", "CVE-2017-5715", "CVE-2019-7221", "CVE-2019-6974", "CVE-2018-3639", "CVE-2016-3713"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "description": "According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-01T02:06:28", "references": [{"idList": ["OPENVAS:1361412562310871927", "OPENVAS:1361412562310875458", "OPENVAS:1361412562310883045", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310812678", "OPENVAS:1361412562310810127", "OPENVAS:1361412562310875952", "OPENVAS:1361412562310876300", "OPENVAS:1361412562310875460"], "type": "openvas"}, {"idList": ["F5:K29146534", "F5:K11186236", "F5:K81172534", "F5:K91229003", "F5:K08413011"], "type": "f5"}, {"idList": ["SMNTC-104232"], "type": "symantec"}, {"idList": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2019-7221", "CVE-2019-6974", "CVE-2016-3713"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:0203-1"], "type": "suse"}, {"idList": ["CESA-2019:0818"], "type": "centos"}, {"idList": ["ELSA-2019-0818", "ELSA-2019-4612"], "type": "oraclelinux"}, {"idList": ["EDB-ID:46388"], "type": "exploitdb"}, {"idList": ["VZA-2017-004", "VZA-2018-033", "VZA-2019-046", "VZA-2018-034", "VZA-2019-042", "VZA-2018-032", "VZA-2019-045"], "type": "virtuozzo"}, {"idList": ["ALAS-2019-1165"], "type": "amazon"}, {"idList": ["KB4467696", "KB4480975", "KB4284819", "KB4284860", "KB4467708", "KB4480970", "KB4284867", "KB4467702", "KB4284826", "KB4467691"], "type": "mskb"}, {"idList": ["RHSA-2018:1967", "RHSA-2019:0818", "RHSA-2019:0833"], "type": "redhat"}, {"idList": ["VARIANT4_ADVISORY.ASC"], "type": "aix"}, {"idList": ["ORACLELINUX_ELSA-2019-0818.NASL", "FEDORA_2019-164946AA7F.NASL", "REDHAT-RHSA-2019-0833.NASL", "CENTOS_RHSA-2019-0818.NASL", "ALA_ALAS-2019-1165.NASL", "REDHAT-RHSA-2019-0818.NASL", "AL2_ALAS-2019-1165.NASL", "SL_20190423_KERNEL_ON_SL7_X.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "FEDORA_2019-3DA64F3E61.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-11-01T02:06:28", "value": 7.2, "vector": "NONE"}}, "hash": "9c55495cada332d67bc360fa23c3cc544f1013c4c32d080a311325d66baba2ea", "hashmap": [{"hash": "ca242c4935f99fbfa5e3b1314b36f1a9", "key": "cpe"}, {"hash": "da686e737f501326a1f02a4a137deca6", "key": "sourceData"}, {"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "63a5abe4009475ad91d7968a03c76241", "key": "published"}, {"hash": "11426d38796b01509eda4b19dc12a01e", "key": "reporter"}, {"hash": "8a5e9c3430b33a01566e457cc0776216", "key": "cvelist"}, {"hash": "fef26c93da78369ef4fa36a5a1ae3607", "key": "title"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "43f53bd712a56550759b0bb7821d53da", "key": "references"}, {"hash": "2be3803d1c39aa2a24b04fc9254270bb", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2080b5fb4e23a49c522e5b32b0bc5477", "key": "pluginID"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "8977b58ab2b29663d6b37e214cc18dcd", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/124953", "id": "EULEROS_SA-2019-1450.NASL", "lastseen": "2019-11-01T02:06:28", "modified": "2019-11-02T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "124953", "published": "2019-05-14T00:00:00", "references": ["http://www.nessus.org/u?3d6cefe5"], "reporter": "This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124953);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/11 12:05:35\");\n\n script_cve_id(\n \"CVE-2016-3713\",\n \"CVE-2016-8630\",\n \"CVE-2017-1000252\",\n \"CVE-2017-17741\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-5715\",\n \"CVE-2017-7518\",\n \"CVE-2018-10853\",\n \"CVE-2018-3639\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.(CVE-2017-5715)\n\n - A flaw was found in the way the Linux KVM module\n processed the trap flag(TF) bit in EFLAGS during\n emulation of the syscall instruction, which leads to a\n debug exception(#DB) being raised in the guest stack. A\n user/process inside a guest could use this flaw to\n potentially escalate their privileges inside the guest.\n Linux guests are not affected by this.(CVE-2017-7518)\n\n - Linux kernel compiled with the KVM virtualization\n (CONFIG_KVM) support is vulnerable to an out-of-bounds\n read access issue. It could occur when emulating vmcall\n instructions invoked by a guest. A guest user/process\n could use this flaw to disclose kernel memory\n bytes.(CVE-2017-17741)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\n - kernel: kvm: guest userspace to guest kernel\n write(CVE-2018-10853)\n\n - In the Linux kernel before 4.20.8,\n kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a use-after-free.(CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has a Use-after-Free.(CVE-2019-7221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6cefe5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.011\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "title": "EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 2, "lastseen": "2019-11-01T02:06:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:kvm"], "cvelist": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2017-2583", "CVE-2017-5715", "CVE-2019-7221", "CVE-2019-6974", "CVE-2018-3639", "CVE-2016-3713"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "description": "According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-01-01T06:26:26", "references": [{"idList": ["OPENVAS:1361412562310871927", "OPENVAS:1361412562310875458", "OPENVAS:1361412562310883045", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310812678", "OPENVAS:1361412562310810127", "OPENVAS:1361412562310875952", "OPENVAS:1361412562310876300", "OPENVAS:1361412562310875460"], "type": "openvas"}, {"idList": ["F5:K29146534", "F5:K11186236", "F5:K81172534", "F5:K91229003", "F5:K08413011"], "type": "f5"}, {"idList": ["SMNTC-104232"], "type": "symantec"}, {"idList": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2019-7221", "CVE-2019-6974", "CVE-2016-3713"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:0203-1"], "type": "suse"}, {"idList": ["CESA-2019:0818"], "type": "centos"}, {"idList": ["ELSA-2019-0818", "ELSA-2019-4612"], "type": "oraclelinux"}, {"idList": ["EDB-ID:46388"], "type": "exploitdb"}, {"idList": ["VZA-2017-004", "VZA-2018-033", "VZA-2019-046", "VZA-2018-034", "VZA-2019-042", "VZA-2018-032", "VZA-2019-045"], "type": "virtuozzo"}, {"idList": ["ALAS-2019-1165"], "type": "amazon"}, {"idList": ["RHSA-2018:1967", "RHSA-2019:0818", "RHSA-2019:0833"], "type": "redhat"}, {"idList": ["KB4284880", "KB4284819", "KB4284860", "KB4467708", "KB4480970", "KB4284867", "KB4480960", "KB4480957", "KB4284826", "KB4467691"], "type": "mskb"}, {"idList": ["VARIANT4_ADVISORY.ASC"], "type": "aix"}, {"idList": ["ORACLELINUX_ELSA-2019-0818.NASL", "FEDORA_2019-164946AA7F.NASL", "REDHAT-RHSA-2019-0833.NASL", "CENTOS_RHSA-2019-0818.NASL", "ALA_ALAS-2019-1165.NASL", "REDHAT-RHSA-2019-0818.NASL", "AL2_ALAS-2019-1165.NASL", "SL_20190423_KERNEL_ON_SL7_X.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "FEDORA_2019-3DA64F3E61.NASL"], "type": "nessus"}]}, "score": {"modified": "2020-01-01T06:26:26", "value": 7.2, "vector": "NONE"}}, "hash": "d90598c5de3d2db19184ac4767466fe23c284c1d99683d0a9189df9097f9a4b4", "hashmap": [{"hash": "ca242c4935f99fbfa5e3b1314b36f1a9", "key": "cpe"}, {"hash": "da686e737f501326a1f02a4a137deca6", "key": "sourceData"}, {"hash": "63a5abe4009475ad91d7968a03c76241", "key": "published"}, {"hash": "11426d38796b01509eda4b19dc12a01e", "key": "reporter"}, {"hash": "8a5e9c3430b33a01566e457cc0776216", "key": "cvelist"}, {"hash": "2249940a684898a70237266de5d6dd6c", "key": "modified"}, {"hash": "fef26c93da78369ef4fa36a5a1ae3607", "key": "title"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "43f53bd712a56550759b0bb7821d53da", "key": "references"}, {"hash": "2be3803d1c39aa2a24b04fc9254270bb", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2080b5fb4e23a49c522e5b32b0bc5477", "key": "pluginID"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "8977b58ab2b29663d6b37e214cc18dcd", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/124953", "id": "EULEROS_SA-2019-1450.NASL", "lastseen": "2020-01-01T06:26:26", "modified": "2020-01-02T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "124953", "published": "2019-05-14T00:00:00", "references": ["http://www.nessus.org/u?3d6cefe5"], "reporter": "This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124953);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/11 12:05:35\");\n\n script_cve_id(\n \"CVE-2016-3713\",\n \"CVE-2016-8630\",\n \"CVE-2017-1000252\",\n \"CVE-2017-17741\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-5715\",\n \"CVE-2017-7518\",\n \"CVE-2018-10853\",\n \"CVE-2018-3639\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.(CVE-2017-5715)\n\n - A flaw was found in the way the Linux KVM module\n processed the trap flag(TF) bit in EFLAGS during\n emulation of the syscall instruction, which leads to a\n debug exception(#DB) being raised in the guest stack. A\n user/process inside a guest could use this flaw to\n potentially escalate their privileges inside the guest.\n Linux guests are not affected by this.(CVE-2017-7518)\n\n - Linux kernel compiled with the KVM virtualization\n (CONFIG_KVM) support is vulnerable to an out-of-bounds\n read access issue. It could occur when emulating vmcall\n instructions invoked by a guest. A guest user/process\n could use this flaw to disclose kernel memory\n bytes.(CVE-2017-17741)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\n - kernel: kvm: guest userspace to guest kernel\n write(CVE-2018-10853)\n\n - In the Linux kernel before 4.20.8,\n kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a use-after-free.(CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has a Use-after-Free.(CVE-2019-7221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6cefe5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.011\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "title": "EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 4, "lastseen": "2020-01-01T06:26:26"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:kvm"], "cvelist": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2017-2583", "CVE-2017-5715", "CVE-2019-7221", "CVE-2019-6974", "CVE-2018-3639", "CVE-2016-3713"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "description": "According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-03-17T22:31:23", "references": [{"idList": ["KB4284819", "KB4284860", "KB4467708", "KB4480970", "KB4284867", "KB4467702", "KB4284826", "KB4480972", "KB4467686", "KB4467691"], "type": "mskb"}, {"idList": ["F5:K29146534", "F5:K11186236", "F5:K81172534", "F5:K91229003", "F5:K08413011"], "type": "f5"}, {"idList": ["SMNTC-104232"], "type": "symantec"}, {"idList": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2019-7221", "CVE-2019-6974", "CVE-2016-3713"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:0203-1"], "type": "suse"}, {"idList": ["RHSA-2020:0103", "RHSA-2018:1967", "RHSA-2019:0818", "RHSA-2019:0833"], "type": "redhat"}, {"idList": ["CESA-2019:0818"], "type": "centos"}, {"idList": ["ELSA-2019-0818", "ELSA-2019-4612"], "type": "oraclelinux"}, {"idList": ["EDB-ID:46388"], "type": "exploitdb"}, {"idList": ["FEDORA_2019-164946AA7F.NASL", "REDHAT-RHSA-2019-0833.NASL", "CENTOS_RHSA-2019-0818.NASL", "ALA_ALAS-2019-1165.NASL", "REDHAT-RHSA-2019-0818.NASL", "VIRTUOZZO_VZA-2019-046.NASL", "VIRTUOZZO_VZA-2019-045.NASL", "AL2_ALAS-2019-1165.NASL", "SL_20190423_KERNEL_ON_SL7_X.NASL", "FEDORA_2019-3DA64F3E61.NASL"], "type": "nessus"}, {"idList": ["VZA-2017-004", "VZA-2018-033", "VZA-2019-046", "VZA-2018-034", "VZA-2019-042", "VZA-2018-032", "VZA-2019-045"], "type": "virtuozzo"}, {"idList": ["ALAS-2019-1165"], "type": "amazon"}, {"idList": ["OPENVAS:1361412562310875458", "OPENVAS:1361412562310883045", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310812678", "OPENVAS:1361412562310810127", "OPENVAS:1361412562310875952", "OPENVAS:1361412562310876300", "OPENVAS:1361412562310875460"], "type": "openvas"}, {"idList": ["VARIANT4_ADVISORY.ASC"], "type": "aix"}]}, "score": {"modified": "2020-03-17T22:31:23", "value": 7.2, "vector": "NONE"}}, "hash": "74444b8a7559beded48806850885bfa61979fb1f3c9e196239b31249694f4b73", "hashmap": [{"hash": "af24fd3fdacb4d500ae9d1e724743016", "key": "modified"}, {"hash": "ca242c4935f99fbfa5e3b1314b36f1a9", "key": "cpe"}, {"hash": "da686e737f501326a1f02a4a137deca6", "key": "sourceData"}, {"hash": "63a5abe4009475ad91d7968a03c76241", "key": "published"}, {"hash": "11426d38796b01509eda4b19dc12a01e", "key": "reporter"}, {"hash": "8a5e9c3430b33a01566e457cc0776216", "key": "cvelist"}, {"hash": "fef26c93da78369ef4fa36a5a1ae3607", "key": "title"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "43f53bd712a56550759b0bb7821d53da", "key": "references"}, {"hash": "2be3803d1c39aa2a24b04fc9254270bb", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "2080b5fb4e23a49c522e5b32b0bc5477", "key": "pluginID"}, {"hash": "e2e48fff8027dd7f057a1725e5ba37c8", "key": "cvss3"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "8977b58ab2b29663d6b37e214cc18dcd", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/124953", "id": "EULEROS_SA-2019-1450.NASL", "lastseen": "2020-03-17T22:31:23", "modified": "2020-03-02T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "124953", "published": "2019-05-14T00:00:00", "references": ["http://www.nessus.org/u?3d6cefe5"], "reporter": "This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124953);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/11 12:05:35\");\n\n script_cve_id(\n \"CVE-2016-3713\",\n \"CVE-2016-8630\",\n \"CVE-2017-1000252\",\n \"CVE-2017-17741\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-5715\",\n \"CVE-2017-7518\",\n \"CVE-2018-10853\",\n \"CVE-2018-3639\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.(CVE-2017-5715)\n\n - A flaw was found in the way the Linux KVM module\n processed the trap flag(TF) bit in EFLAGS during\n emulation of the syscall instruction, which leads to a\n debug exception(#DB) being raised in the guest stack. A\n user/process inside a guest could use this flaw to\n potentially escalate their privileges inside the guest.\n Linux guests are not affected by this.(CVE-2017-7518)\n\n - Linux kernel compiled with the KVM virtualization\n (CONFIG_KVM) support is vulnerable to an out-of-bounds\n read access issue. It could occur when emulating vmcall\n instructions invoked by a guest. A guest user/process\n could use this flaw to disclose kernel memory\n bytes.(CVE-2017-17741)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\n - kernel: kvm: guest userspace to guest kernel\n write(CVE-2018-10853)\n\n - In the Linux kernel before 4.20.8,\n kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a use-after-free.(CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has a Use-after-Free.(CVE-2019-7221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6cefe5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.011\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "title": "EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)", "type": "nessus", "viewCount": 0}, "differentElements": ["description", "reporter", "modified", "sourceData"], "edition": 6, "lastseen": "2020-03-17T22:31:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:kvm"], "cvelist": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2017-2583", "CVE-2017-5715", "CVE-2019-7221", "CVE-2019-6974", "CVE-2018-3639", "CVE-2016-3713"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "description": "According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-10-28T19:52:25", "references": [{"idList": ["OPENVAS:1361412562310871927", "OPENVAS:1361412562310875458", "OPENVAS:1361412562310883045", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310812678", "OPENVAS:1361412562310810127", "OPENVAS:1361412562310875952", "OPENVAS:1361412562310876300", "OPENVAS:1361412562310875460"], "type": "openvas"}, {"idList": ["F5:K29146534", "F5:K11186236", "F5:K81172534", "F5:K91229003", "F5:K08413011"], "type": "f5"}, {"idList": ["SMNTC-104232"], "type": "symantec"}, {"idList": ["CVE-2019-7222", "CVE-2017-2584", "CVE-2017-17741", "CVE-2017-7518", "CVE-2018-10853", "CVE-2017-1000252", "CVE-2016-8630", "CVE-2019-7221", "CVE-2019-6974", "CVE-2016-3713"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:0203-1"], "type": "suse"}, {"idList": ["KB4284819", "KB4284860", "KB4467708", "KB4480970", "KB4284867", "KB4480960", "KB4467680", "KB4284826", "KB4480968", "KB4467691"], "type": "mskb"}, {"idList": ["CESA-2019:0818"], "type": "centos"}, {"idList": ["ELSA-2019-0818", "ELSA-2019-4612"], "type": "oraclelinux"}, {"idList": ["EDB-ID:46388"], "type": "exploitdb"}, {"idList": ["ALAS-2019-1165"], "type": "amazon"}, {"idList": ["RHSA-2018:1967", "RHSA-2019:0818", "RHSA-2019:0833"], "type": "redhat"}, {"idList": ["VARIANT4_ADVISORY.ASC"], "type": "aix"}, {"idList": ["1337DAY-ID-32199"], "type": "zdt"}, {"idList": ["ORACLELINUX_ELSA-2019-0818.NASL", "FEDORA_2019-164946AA7F.NASL", "REDHAT-RHSA-2019-0833.NASL", "CENTOS_RHSA-2019-0818.NASL", "ALA_ALAS-2019-1165.NASL", "REDHAT-RHSA-2019-0818.NASL", "AL2_ALAS-2019-1165.NASL", "SL_20190423_KERNEL_ON_SL7_X.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "FEDORA_2019-3DA64F3E61.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-28T19:52:25", "value": 7.5, "vector": "NONE"}}, "hash": "d5ad723c5f8dc65985a72a464cbfbfd0631cc1109995085734c624d2d33336d6", "hashmap": [{"hash": "ca242c4935f99fbfa5e3b1314b36f1a9", "key": "cpe"}, {"hash": "da686e737f501326a1f02a4a137deca6", "key": "sourceData"}, {"hash": "63a5abe4009475ad91d7968a03c76241", "key": "published"}, {"hash": "11426d38796b01509eda4b19dc12a01e", "key": "reporter"}, {"hash": "8a5e9c3430b33a01566e457cc0776216", "key": "cvelist"}, {"hash": "fef26c93da78369ef4fa36a5a1ae3607", "key": "title"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "43f53bd712a56550759b0bb7821d53da", "key": "references"}, {"hash": "2be3803d1c39aa2a24b04fc9254270bb", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "2080b5fb4e23a49c522e5b32b0bc5477", "key": "pluginID"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}, {"hash": "8977b58ab2b29663d6b37e214cc18dcd", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/124953", "id": "EULEROS_SA-2019-1450.NASL", "lastseen": "2019-10-28T19:52:25", "modified": "2019-10-02T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.3", "pluginID": "124953", "published": "2019-05-14T00:00:00", "references": ["http://www.nessus.org/u?3d6cefe5"], "reporter": "This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124953);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/11 12:05:35\");\n\n script_cve_id(\n \"CVE-2016-3713\",\n \"CVE-2016-8630\",\n \"CVE-2017-1000252\",\n \"CVE-2017-17741\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-5715\",\n \"CVE-2017-7518\",\n \"CVE-2018-10853\",\n \"CVE-2018-3639\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (>1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.(CVE-2017-5715)\n\n - A flaw was found in the way the Linux KVM module\n processed the trap flag(TF) bit in EFLAGS during\n emulation of the syscall instruction, which leads to a\n debug exception(#DB) being raised in the guest stack. A\n user/process inside a guest could use this flaw to\n potentially escalate their privileges inside the guest.\n Linux guests are not affected by this.(CVE-2017-7518)\n\n - Linux kernel compiled with the KVM virtualization\n (CONFIG_KVM) support is vulnerable to an out-of-bounds\n read access issue. It could occur when emulating vmcall\n instructions invoked by a guest. A guest user/process\n could use this flaw to disclose kernel memory\n bytes.(CVE-2017-17741)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\n - kernel: kvm: guest userspace to guest kernel\n write(CVE-2018-10853)\n\n - In the Linux kernel before 4.20.8,\n kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a use-after-free.(CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has a Use-after-Free.(CVE-2019-7221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6cefe5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.011\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "title": "EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 1, "lastseen": "2019-10-28T19:52:25"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "ca242c4935f99fbfa5e3b1314b36f1a9"}, {"key": "cvelist", "hash": "8a5e9c3430b33a01566e457cc0776216"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss3", "hash": "e2e48fff8027dd7f057a1725e5ba37c8"}, {"key": "description", "hash": "1e967b1cb579d35afd1f41e6426060e4"}, {"key": "href", "hash": "2be3803d1c39aa2a24b04fc9254270bb"}, {"key": "modified", "hash": "63a5abe4009475ad91d7968a03c76241"}, {"key": "naslFamily", "hash": "67933a273737791ab6f71e29a2605c31"}, {"key": "pluginID", "hash": "2080b5fb4e23a49c522e5b32b0bc5477"}, {"key": "published", "hash": "63a5abe4009475ad91d7968a03c76241"}, {"key": "references", "hash": "43f53bd712a56550759b0bb7821d53da"}, {"key": "reporter", "hash": "fb990daaf8c857a86bab9781b4ab4b5e"}, {"key": "sourceData", "hash": "41806ddffbd3032b2f9e49408c0da723"}, {"key": "title", "hash": "fef26c93da78369ef4fa36a5a1ae3607"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "0f600361181c153d2e54f8852b620cd5457e84e364717128641c4be2866e36ad", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562311220191450", "OPENVAS:1361412562310875458", "OPENVAS:1361412562310875952", "OPENVAS:1361412562310875460", "OPENVAS:1361412562310876300", "OPENVAS:1361412562310883045", "OPENVAS:1361412562310812678", "OPENVAS:1361412562310852305", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310810127"]}, {"type": "cve", "idList": ["CVE-2017-7518", "CVE-2017-1000252", "CVE-2016-3713", "CVE-2017-17741", "CVE-2019-7222", "CVE-2016-8630", "CVE-2019-7221", "CVE-2018-10853", "CVE-2019-6974", "CVE-2017-2584"]}, {"type": "f5", "idList": ["F5:K08413011", "F5:K11186236", "F5:K81172534", "F5:K29146534", "F5:K91229003"]}, {"type": "amazon", "idList": ["ALAS-2019-1165"]}, {"type": "nessus", "idList": ["ALA_ALAS-2019-1165.NASL", "FEDORA_2019-164946AA7F.NASL", "AL2_ALAS-2019-1165.NASL", "FEDORA_2019-3DA64F3E61.NASL", "REDHAT-RHSA-2019-0818.NASL", "REDHAT-RHSA-2019-0833.NASL", "VIRTUOZZO_VZA-2019-046.NASL", "SL_20190423_KERNEL_ON_SL7_X.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "CENTOS_RHSA-2019-0818.NASL"]}, {"type": "symantec", "idList": ["SMNTC-104232"]}, {"type": "virtuozzo", "idList": ["VZA-2019-045", "VZA-2019-046", "VZA-2019-042", "VZA-2017-004", "VZA-2018-033", "VZA-2018-032", "VZA-2018-034"]}, {"type": "redhat", "idList": ["RHSA-2019:0833", "RHSA-2019:0818", "RHSA-2018:1967", "RHSA-2020:0103"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-0818", "ELSA-2019-4612"]}, {"type": "centos", "idList": ["CESA-2019:0818"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:0203-1", "OPENSUSE-SU-2019:0274-1"]}, {"type": "aix", "idList": ["VARIANT4_ADVISORY.ASC"]}, {"type": "mskb", "idList": ["KB4284867", "KB4467708", "KB4284826", "KB4284860", "KB4480970", "KB4284819", "KB4467691", "KB4480964", "KB4467686", "KB4480963"]}], "modified": "2020-03-19T22:31:11"}, "score": {"value": 6.7, "vector": "NONE", "modified": "2020-03-19T22:31:11"}, "vulnersScore": 6.7}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124953);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/19\");\n\n script_cve_id(\n \"CVE-2016-3713\",\n \"CVE-2016-8630\",\n \"CVE-2017-1000252\",\n \"CVE-2017-17741\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-5715\",\n \"CVE-2017-7518\",\n \"CVE-2018-10853\",\n \"CVE-2018-3639\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in\n the Linux kernel before 4.6.1 supports MSR 0x2f8, which\n allows guest OS users to read or write to the\n kvm_arch_vcpu data structure, and consequently obtain\n sensitive information or cause a denial of service\n (system crash), via a crafted ioctl\n call.(CVE-2016-3713)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user or process inside a guest could\n use this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the\n guest.(CVE-2017-2583)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (i1/4z1024) index value.(CVE-2017-1000252)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.(CVE-2017-5715)\n\n - A flaw was found in the way the Linux KVM module\n processed the trap flag(TF) bit in EFLAGS during\n emulation of the syscall instruction, which leads to a\n debug exception(#DB) being raised in the guest stack. A\n user/process inside a guest could use this flaw to\n potentially escalate their privileges inside the guest.\n Linux guests are not affected by this.(CVE-2017-7518)\n\n - Linux kernel compiled with the KVM virtualization\n (CONFIG_KVM) support is vulnerable to an out-of-bounds\n read access issue. It could occur when emulating vmcall\n instructions invoked by a guest. A guest user/process\n could use this flaw to disclose kernel memory\n bytes.(CVE-2017-17741)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\n - kernel: kvm: guest userspace to guest kernel\n write(CVE-2018-10853)\n\n - In the Linux kernel before 4.20.8,\n kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a use-after-free.(CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has an Information Leak.(CVE-2019-7222)\n\n - The KVM implementation in the Linux kernel through\n 4.20.5 has a Use-after-Free.(CVE-2019-7221)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6cefe5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.011\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "124953", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:kvm"], "scheme": null, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}

{"openvas": [{"lastseen": "2020-01-27T18:37:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191450", "title": "Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1450)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1450\");\n script_version(\"2020-01-23T11:47:36+0000\");\n script_cve_id(\"CVE-2016-3713\", \"CVE-2016-8630\", \"CVE-2017-1000252\", \"CVE-2017-17741\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5715\", \"CVE-2017-7518\", \"CVE-2018-10853\", \"CVE-2018-3639\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:47:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:47:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1450)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1450\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1450\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kvm' package(s) announced via the EulerOS-SA-2019-1450 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.(CVE-2016-3713)\n\nLinux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630)\n\nLinux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.(CVE-2017-2583)\n\narch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.(CVE-2017-2584)\n\nA reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (1024) index value.(CVE-2017-1000252)\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.(CVE-2017-5715)\n\nA flaw was found in the way the Linux KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug excep ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kvm' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~4.4.11~30.011\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the\n ", "modified": "2019-03-29T00:00:00", "published": "2019-02-16T00:00:00", "id": "OPENVAS:1361412562310875458", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875458", "title": "Fedora Update for kernel-tools FEDORA-2019-3da64f3e61", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875458\");\n script_version(\"2019-03-29T08:13:51+0000\");\n script_cve_id(\"CVE-2019-7222\", \"CVE-2019-6974\", \"CVE-2019-7221\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-03-29 08:13:51 +0000 (Fri, 29 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-02-16 04:07:14 +0100 (Sat, 16 Feb 2019)\");\n script_name(\"Fedora Update for kernel-tools FEDORA-2019-3da64f3e61\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3da64f3e61\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3X72TKZZ4IT3MTC2NWQCO53ZCJ2FKSZC\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'kernel-tools' package(s) announced via the FEDORA-2019-3da64f3e61 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"affected\", value:\"kernel-tools on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.20.8~100.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875952", "title": "Fedora Update for kernel-tools FEDORA-2019-164946aa7f", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875952\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-7222\", \"CVE-2019-6974\", \"CVE-2019-7221\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:29:30 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel-tools FEDORA-2019-164946aa7f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-164946aa7f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46R6LVGCMPBTPT2FCJQDSB5X27JMQKOF\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-tools'\n package(s) announced via the FEDORA-2019-164946aa7f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package contains the tools/ directory from the kernel source\nand the supporting documentation.\");\n\n script_tag(name:\"affected\", value:\"'kernel-tools' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.20.8~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the\n ", "modified": "2019-03-29T00:00:00", "published": "2019-02-16T00:00:00", "id": "OPENVAS:1361412562310875460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875460", "title": "Fedora Update for kernel-headers FEDORA-2019-3da64f3e61", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875460\");\n script_version(\"2019-03-29T08:13:51+0000\");\n script_cve_id(\"CVE-2019-7222\", \"CVE-2019-6974\", \"CVE-2019-7221\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-03-29 08:13:51 +0000 (Fri, 29 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-02-16 04:09:07 +0100 (Sat, 16 Feb 2019)\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2019-3da64f3e61\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-3da64f3e61\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INV5MYGVXPJHLJQOEB4SEQTRKP3LBKGG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'kernel-headers' package(s) announced via the FEDORA-2019-3da64f3e61 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"affected\", value:\"kernel-headers on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.20.8~100.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876300", "title": "Fedora Update for kernel-headers FEDORA-2019-164946aa7f", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876300\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-7222\", \"CVE-2019-6974\", \"CVE-2019-7221\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:43:19 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2019-164946aa7f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-164946aa7f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BFPBVTFKHIC7CCIVD6NKPWXRZNOCG74\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-headers'\n package(s) announced via the FEDORA-2019-164946aa7f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kernel-headers includes the C header files that specify the interface\nbetween the Linux kernel and userspace libraries and programs. The\nheader files define structures and constants that are needed for\nbuilding most standard programs and are also needed for rebuilding the\nglibc package.\");\n\n script_tag(name:\"affected\", value:\"'kernel-headers' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.20.8~200.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-05T14:51:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-09-05T00:00:00", "published": "2019-05-01T00:00:00", "id": "OPENVAS:1361412562310883045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883045", "title": "CentOS Update for kernel CESA-2019:0818 centos7 ", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883045\");\n script_version(\"2019-09-05T05:22:48+0000\");\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 05:22:48 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-01 02:00:59 +0000 (Wed, 01 May 2019)\");\n script_name(\"CentOS Update for kernel CESA-2019:0818 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:0818\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-April/023278.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the CESA-2019:0818 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\n * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the\npreemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug Fix(es):\n\n * rbd: avoid corruption on partially completed bios [rhel-7.6.z]\n(BZ#1672514)\n\n * xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n * Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)\n\n * [NOKIA] RHEL sends flood of Neighbour Solicitations under specific\nconditions [rhel-7.6.z] (BZ#1677179)\n\n * RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller\nreset [rhel-7.6.z] (BZ#1678214)\n\n * [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z]\n(BZ#1678215)\n\n * [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue\ncreation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n * RFC: Regression with -fstack-check in 'backport upstream large stack\nguard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n * [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup\n[rhel-7.6.z] (BZ#1679997)\n\n * rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)\n\n * ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n * high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter\nfail-over [rhel-7.6.z] (BZ#1683093)\n\n * Openshift node drops outgoing POD traffic due to NAT hashtable race in\n__ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n * [Backport] [v3, 2/2] net: igmp: Allow user-space configuration of igmp\nunsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n * [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter\n[rhel-7.6.z] (BZ#1687487)\n\n * The number of unsolict report about IGMP is incorrect [rhel-7.6.z]\n(BZ#1688225)\n\n * RDT driver causing failure to boot on AMD Rome system with more than 255\nCPUs [rhel-7.6.z] (BZ#1689120)\n\n * mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n * rwsem in inconsistent state leading system to hung [rhel-7.6.z]\n(BZ#1690323)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix\nthese bugs.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bpftool\", rpm:\"bpftool~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~957.12.1.el7\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-08T13:28:56", "bulletinFamily": "scanner", "description": "This host is missing a critical update\n according to Microsoft KB4078130", "modified": "2019-12-20T00:00:00", "published": "2018-01-29T00:00:00", "id": "OPENVAS:1361412562310812678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812678", "title": "Spectre Variant 2 (CVE 2017-5715) Branch Target Injection Update Disable (KB4078130)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Spectre Variant 2 (CVE 2017-5715) Branch Target Injection Update Disable (KB4078130)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812678\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-29 16:17:29 +0530 (Mon, 29 Jan 2018)\");\n script_name(\"Spectre Variant 2 (CVE 2017-5715) Branch Target Injection Update Disable (KB4078130)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical update\n according to Microsoft KB4078130\");\n\n script_tag(name:\"vuldetect\", value:\"Check if the Spectre Variant 2 update is\n disabled or not.\");\n\n script_tag(name:\"insight\", value:\"Intel has reported issues with recently\n released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch\n Target Injection) specifically Intel noted that this microcode can cause\n 'higher than expected reboots and other unpredictable system behavior'. On\n January 22, 2018 Intel recommended that customers stop deploying the current\n microcode version on impacted processors while they perform additional testing\n on the updated solution. While Intel tests, updates and deploys new microcode,\n Microsoft is providing update KB4078130 that specifically disables only the\n mitigation against CVE-2017-5715 'Branch target injection vulnerability'.\n This update has been found to prevent the behavior described.\");\n\n script_tag(name:\"impact\", value:\"Installing and enabling update for Spectre\n Variant 2 may result in 'data loss or corruption'. Also system instability can\n in some circumstances cause data loss or corruption.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2016\n\n - Microsoft Windows Server 2012 R2\n\n - Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows 10\n\n Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n Windows Server 2008 R2 for x64-based Systems Service Pack 1\n\n - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4078130\");\n script_xref(name:\"URL\", value:\"https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2, win8_1:1, win8_1x64:1, win2012R2:1,\n win2008:3, win2008x64:3, win2016:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nkey = \"SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management\" ;\n\noverride = registry_get_dword(key:key, item:\"FeatureSettingsOverride\");\noverridemask = registry_get_dword(key:key, item:\"FeatureSettingsOverrideMask\");\n\nif(!override || !overridemask)\n exit(0);\n\nif((override == 1 && overridemask == 1)|| (override == 3 && overridemask == 3)){\n exit(0);\n} else if((override == 0 && overridemask == 1) || (override == 0 && overridemask == 3))\n{\n report = report_fixed_ver(installed_version: \"Spectre Variant 2 Mitigation Enabled\", fixed_version: \"Disable Spectre Variant 2 Mitigation\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-31T16:50:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-02-19T00:00:00", "id": "OPENVAS:1361412562310852305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852305", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2019:0203-1)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852305\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-19 04:07:48 +0100 (Tue, 19 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2019:0203-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0203-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the openSUSE-SU-2019:0203-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 15.0 kernel was updated to\n receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2019-3459, CVE-2019-3460: Two information leaks in the bluetooth\n stack were fixed. (bnc#1120758).\n\n - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed.\n (bnc#1124732).\n\n - CVE-2019-7222: A information leak in exception handling in KVM could be\n used to expose host memory to guests. (bnc#1124735).\n\n - CVE-2019-6974: A use-after-free in the KVM device control API was\n fixed. (bnc#1124728).\n\n - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915\n driver were fixed which might have lead to information leaks.\n (bnc#1122971).\n\n The following non-security bugs were fixed:\n\n - 6lowpan: iphc: reset mac_header after decompress to fix panic\n (bsc#1051510).\n\n - 9p: clear dangling pointers in p9stat_free (bsc#1051510).\n\n - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510).\n\n - 9p/net: put a lower bound on msize (bsc#1051510).\n\n - acpi/nfit: Block function zero DSMs (bsc#1051510).\n\n - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969).\n\n - acpi/nfit: Fix command-supported detection (bsc#1051510).\n\n - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id()\n (bsc#1122662).\n\n - acpi/nfit: Fix user-initiated ARS to be 'ARS-long' rather than\n 'ARS-short' (bsc#1124969).\n\n - ACPI: power: Skip duplicate power resource references in _PRx\n (bsc#1051510).\n\n - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092).\n\n - af_iucv: Move sockaddr length checks to before accessing sa_family in\n bind and connect handlers (bsc#1051510).\n\n - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510).\n\n - alsa: compress: Fix stop handling on compressed capture streams\n (bsc#1051510).\n\n - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510).\n\n - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510).\n\n - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).\n\n - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510).\n\n - alsa: hda/realtek - Use a common helper for hp pin reference\n (bsc#1051510).\n\n - alsa: hda - Serialize codec registrations (bsc#1122944).\n\n - alsa: hda - Use standard device registration for beep (bsc#1122944).\n\n - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510).\n\n - alsa: usb-audio: Add Opus #3 to quirks for native DSD support\n (bsc#1051510).\n\n - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510).\n\n - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs\n (bsc#1122927).\n\n - arm: ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"the on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall\", rpm:\"kernel-kvmsmall~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base\", rpm:\"kernel-kvmsmall-base~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-base-debuginfo\", rpm:\"kernel-kvmsmall-base-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debuginfo\", rpm:\"kernel-kvmsmall-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-debugsource\", rpm:\"kernel-kvmsmall-debugsource~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel\", rpm:\"kernel-kvmsmall-devel~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-kvmsmall-devel-debuginfo\", rpm:\"kernel-kvmsmall-devel-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~4.12.14~lp150.12.48.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:47:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-03-02T00:00:00", "id": "OPENVAS:1361412562310852327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852327", "title": "openSUSE: Security Advisory for the (openSUSE-SU-2019:0274-1)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852327\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-5391\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-02 04:07:53 +0100 (Sat, 02 Mar 2019)\");\n script_name(\"openSUSE: Security Advisory for the (openSUSE-SU-2019:0274-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0274-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00000.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'the'\n package(s) announced via the openSUSE-SU-2019:0274-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive various\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-5391: Fixed a vulnerability, which allowed an attacker to cause\n a denial of service attack with low rates of packets targeting IP\n fragment re-assembly. (bsc#1103097)\n\n - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM\n hypervisor related to the emulation of a preemption timer, allowing an\n guest user/process to crash the host kernel. (bsc#1124732).\n\n - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor\n related to handling page fault exceptions, which allowed a guest\n user/process to use this flaw to leak the host's stack memory contents\n to a guest (bsc#1124735).\n\n The following non-security bugs were fixed:\n\n - ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).\n\n - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages\n (bnc#1012382).\n\n - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382).\n\n - Documentation/network: reword kernel version reference (bnc#1012382).\n\n - IB/core: type promotion bug in rdma_rw_init_one_mr() ().\n\n - IB/rxe: Fix incorrect cache cleanup in error flow ().\n\n - IB/rxe: replace kvfree with vfree ().\n\n - NFC: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382).\n\n - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ).\n\n - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446).\n\n - Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire\n F5-573G' (bnc#1012382).\n\n - Revert 'cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy\n (insecure cifs)' (bnc#1012382).\n\n - Revert 'exec: load_script: do not blindly truncate shebang string'\n (bnc#1012382).\n\n - Revert 'loop: Fix double mutex_unlock(&amp loop_ctl_mutex) in\n loop_control_ioctl()' (bnc#1012382).\n\n - Revert 'loop: Fold __loop_release into loop_release' (bnc#1012382).\n\n - Revert 'loop: Get rid of loop_index_mutex' (bnc#1012382).\n\n - Revert 'mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).'\n\n - Revert most of 4.4.174 (kabi).\n\n - acpi, nfit: Fix ARS overflow continuation (bsc#1125000).\n\n - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value\n (bsc#1124775).\n\n - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).\n\n - alpha: fix page fault handling for r16-r18 targets (bnc#1012382).\n\n - alsa: compress: Fix stop handling on compressed capture streams\n (bnc#1012382).\n\n - alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382).\n\n - alsa: hda - Serialize codec registrations (bnc#1012382).\n\n - alsa: usb-audio: Fix implicit fb e ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"the on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.175~89.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-02T00:00:00", "id": "OPENVAS:1361412562310810127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810127", "title": "Fedora Update for kernel FEDORA-2016-14c4187e3a", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-14c4187e3a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810127\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 14:04:28 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-8630\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-14c4187e3a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-14c4187e3a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3WA5MYDRY3QJVY6IVR26CQWNLKQRBYB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.7~200.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2019-10-04T12:18:46", "bulletinFamily": "NVD", "description": "The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.", "modified": "2019-10-03T00:03:00", "id": "CVE-2017-1000252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000252", "published": "2017-09-26T05:29:00", "title": "CVE-2017-1000252", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-01T13:25:17", "bulletinFamily": "NVD", "description": "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.", "modified": "2019-10-09T23:29:00", "id": "CVE-2017-7518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7518", "published": "2018-07-30T15:29:00", "title": "CVE-2017-7518", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:16:56", "bulletinFamily": "NVD", "description": "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.", "modified": "2018-04-25T01:29:00", "id": "CVE-2017-17741", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17741", "published": "2017-12-18T08:29:00", "title": "CVE-2017-17741", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:15:36", "bulletinFamily": "NVD", "description": "The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.", "modified": "2016-06-27T17:57:00", "id": "CVE-2016-3713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3713", "published": "2016-06-27T10:59:00", "title": "CVE-2016-3713", "type": "cve", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2019-11-07T13:16:42", "bulletinFamily": "NVD", "description": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.", "modified": "2019-08-06T17:15:00", "id": "CVE-2019-7222", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7222", "published": "2019-03-21T16:01:00", "title": "CVE-2019-7222", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:15:40", "bulletinFamily": "NVD", "description": "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.", "modified": "2018-01-05T02:31:00", "id": "CVE-2016-8630", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8630", "published": "2016-11-28T03:59:00", "title": "CVE-2016-8630", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-04T12:23:16", "bulletinFamily": "NVD", "description": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.", "modified": "2019-06-15T01:29:00", "id": "CVE-2019-7221", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7221", "published": "2019-03-21T16:01:00", "title": "CVE-2019-7221", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-29T13:33:20", "bulletinFamily": "NVD", "description": "A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.", "modified": "2019-10-03T00:03:00", "id": "CVE-2018-10853", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10853", "published": "2018-09-11T14:29:00", "title": "CVE-2018-10853", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-29T12:46:39", "bulletinFamily": "NVD", "description": "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.", "modified": "2019-09-20T14:15:00", "id": "CVE-2019-6974", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6974", "published": "2019-02-15T15:29:00", "title": "CVE-2019-6974", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:16:58", "bulletinFamily": "NVD", "description": "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.", "modified": "2018-08-24T10:29:00", "id": "CVE-2017-2584", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2584", "published": "2017-01-15T02:59:00", "title": "CVE-2017-2584", "type": "cve", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "f5": [{"lastseen": "2020-04-01T14:40:25", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-06-15T02:21:00", "published": "2019-06-15T02:21:00", "id": "F5:K08413011", "href": "https://support.f5.com/csp/article/K08413011", "title": "Linux kernel vulnerability CVE-2019-7221", "type": "f5", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-19T02:20:05", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-07-19T00:57:00", "published": "2017-07-19T00:57:00", "href": "https://support.f5.com/csp/article/K81172534", "id": "F5:K81172534", "title": "Linux kernel vulnerability CVE-2017-2583", "type": "f5", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-01T14:41:31", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 769589 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H11186236 on the **Diagnostics** &gt; **Identified** &gt; **High** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 - 15.0.1 | 15.1.0 | High | [7.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H>) | vCMP guest and host \n14.x | 14.0.0 - 14.1.0 | None \n13.x | 13.0.0 - 13.1.3 | 13.1.3.2 \n12.x | None | Not applicable \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should restrict privileged access for affected systems to trusted users. For more information, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2019-12-12T12:02:00", "published": "2019-04-19T19:32:00", "id": "F5:K11186236", "href": "https://support.f5.com/csp/article/K11186236", "title": "Linux kernel KVM subsystem vulnerability CVE-2019-6974", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T14:40:59", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 721319, 721555, and 721556 (BIG-IP), ID 721949 (BIG-IQ), ID 721945 (Enterprise Manager), and CPF-24903 and CPF-24904 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x | 14.0.0 - 14.1.0 | None | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | F5 hardware platforms* \n13.x | 13.0.0 - 13.1.1 | None \n12.x | 12.1.0 - 12.1.4 | None \n11.x | 11.2.1 - 11.6.3 | None \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N>) | F5 hardware platforms* \nBIG-IQ Centralized Management | 6.x | 6.0.0 | None | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N>) | F5 hardware platforms* \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N>) | F5 hardware platforms* \nF5 iWorkflow | 2.x | 2.1.0 - 2.3.0 | None | Medium | [4.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N>) | F5 hardware platforms* \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.6](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | F5 hardware platforms* \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n*For information about the affected hardware platforms, refer to the **Vulnerable platforms** section.\n\nVulnerable platforms\n\nSome platforms may have processors from multiple vendors and may have a vulnerable ARM processor in one or more subsystems. F5 investigated the use of ARM processors and, while vulnerable processors are used, those processors do not handle privileged information; they are limited to running signed firmware from F5 with no capability to execute user-specified code.\n\nThe following tables list only one entry for platform models that have several variants. For example, BIG-IP 11000, BIG-IP 11050, BIG-IP 11050F, and BIG-IP 11050N are all vulnerable and included in the table as \"BIG-IP 110x0.\" \n\nBIG-IP \n\nModel | Processor types | Vulnerable \n---|---|--- \nVIPRION B21x0 | Intel | Y \nVIPRION B2250 | Intel | Y \nVIPRION B4100 | AMD | Y* \nVIPRION B4200 | AMD | Y* \nVIPRION B43x0 | Intel | Y \nVIPRION B44x0 | Intel | Y \nBIG-IP 2xx0 | Intel | Y \nBIG-IP 4xx0 | Intel | Y \nBIG-IP 5xx0 | Intel | Y \nBIG-IP 7xx0 | Intel | Y \nBIG-IP 10xxx | Intel | Y \nBIG-IP 12xx0 | Intel | Y \nBIG-IP i2x00 | Intel, ARM | Y \nBIG-IP i4x00 | Intel, ARM | Y \nBIG-IP i5x00 | Intel, ARM | Y \nBIG-IP i7x00 | Intel, ARM | Y \nBIG-IP i10x00 | Intel, ARM | Y \nBIG-IP 800 | Intel | Y \nBIG-IP 1600 | Intel | Y \nBIG-IP 3600 | Intel | Y \nBIG-IP 3900 | Intel | Y \nBIG-IP 6900 | AMD | Y* \nBIG-IP 89x0 | AMD | Y* \nBIG-IP 110x0 | AMD | Y* \nBIG-IP 6400 | AMD | Y* \n \n*F5 believes these platforms are vulnerable, but AMD has yet to confirm. AMD has not published plans to provide fixes for these CPUs.\n\nBIG-IQ, Enterprise Manager, FirePass, and ARX\n\nModel | Processor type | Vulnerable \n---|---|--- \nBIG-IQ 7000 | Intel | Y \nEnterprise Manager 4000 | Intel | Y \nFirePass 12xx | Intel | N \nFirePass 41xx | AMD | Y* \nFirePass 43xx | AMD | Y* \nARX 1500+ | Intel | Y \nARX 2500 | Intel | Y \nARX 4000/4000+ | Intel | Y \n \n*Intel and AMD have not responded to repeated requests for information about the processors in these platforms. Therefore, based on their general public statements, we must assume that they are vulnerable.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM systems (11.4.x and later)](<https://support.f5.com/csp/article/K48955220>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "modified": "2019-07-01T18:29:00", "published": "2018-07-10T21:22:00", "id": "F5:K29146534", "href": "https://support.f5.com/csp/article/K29146534", "title": "SSB Variant 4 vulnerability CVE-2018-3639", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-04-01T14:41:16", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 698651, 701445, 701447, 704490, and 704483 (BIG-IP); 702233, 702236, and 702237 (BIG-IQ); 702353, 702354, and 702355 (Enterprise Manager); 702355, 702377, and 702378 (iWorkflow); CPF-24782, CPF-24783, and CPF-24784 (Traffix); LRS-65859, LRS-65860, and LRS-65861 (LineRate) to this vulnerability. Additionally, [BIG-IP iHealth](<https://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H91229003 on the **Diagnostics** &gt; **Identified** &gt; **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 15.x | None | 15.0.0 | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \n14.x | None | 14.0.02 \n13.x | 13.0.0 - 13.1.0 | 13.1.0.42 \n13.0.12 \n12.x | 12.1.0 - 12.1.3 | 12.1.3.32 \n11.x | 11.6.1 - 11.6.3 \n11.5.1 - 11.5.5 \n11.2.1 | 11.6.3.12 \n11.5.62 \nEnterprise Manager | 3.x | 3.1.1 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \nBIG-IQ (Cloud, Device, Security, ADC) | 4.x | 4.5.0 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \nBIG-IQ Centralized Management | 6.x | 6.0.0 | 6.0.12 | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \nF5 iWorkflow | 2.x | 2.3.0 \n2.2.0 \n2.1.0 \n2.0.1 - 2.0.2 | None | Medium (CVE-2017-5715) \nMedium (CVE-2017-5753) \nMedium (CVE-2017-5754) | [6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5715 \n[5.3](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:C>) CVE-2017-5753 \n[6.4](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C>) CVE-2017-5754 | CPU, BIOS, and kernel \nLineRate | 2.x | 2.6.0 | None | Medium | ** | CPU, BIOS, and kernel \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | Security bulletin build 93 (5.1.0) \nSecurity bulletin build 32 (5.0.0) | Medium (CVE-2017-5715) \nHigh (CVE-2017-5753) \nHigh (CVE-2017-5754) | [6.7](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N>) (CVE-2017-5715) \n[8.2](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N>) (CVE-2017-5753) \n[7.9](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N>) (CVE-2017-5754) | CPU, BIOS, and kernel \n4.x | 4.0.0 - 4.4.0 | Security bulletin build 14 (4.4.0) \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2Notes about fixes for CVE-2017-5753 (Spectre-PHT) and CVE-2017-5754 (Meltdown-US):\n\n**Important**: F5 does not plan to release an official fix for CVE-2017-5715 (Spectre-BTB) that is based on Intel's microcode updates. The rationale for this decision is based on significant performance degradation when enabling Intel's microcode fixes in our platforms. During testing of the microcode fix, F5 has observed from 10 percent to more than 50 percent performance degradation for many workloads.\n\n**Important**: Only CVE-2017-5754 (Meltdown-US) is fixed in BIG-IQ.\n\n * Performance impact: \n * CVE-2017-5753 (Spectre-PHT)\n\nF5 does not anticipate a performance impact as a result of the fix for CVE-2017-5753 Spectre-PHT.\n\n * CVE-2017-5754 (Meltdown-US)\n\nIn most scenarios, the fix for Meltdown-US has a negligible performance impact. F5 recommends testing the performance impact before deploying the fix in a production environment, or testing the fix during a maintenance window with consideration to the possible impact on your specific environment. If you encounter unacceptable performance issues in testing and choose to disable the Meltdown-US fix, you can do so by typing the following command:\n\ntmsh modify sys db kernel.pti value disable\n\n**Note:** This database variable change is applied without requirement for a reboot.\n\n**Important:** If you choose to disable the Meltdown-US fix, the system will be vulnerable to the Meltdown-US vulnerability. However, in order to take advantage of this vulnerability, the attacker must already possess the ability to run arbitrary code on the system. For non-vCMP systems, good access controls and keeping your system up-to-date with security fixes will mitigate this risk. For vCMP systems with multiple tenants, F5 recommends that you leave the Meltdown-US fix enabled.\n\n * Virtual F5 products/vCMP guests:\n\nThe Meltdown-US and Spectre-PHT fixes block the ability for those exploits to be executed on the patched OS. If the exploit allows cross-VM boundary information leaks, then a fixed VM is still vulnerable to attacks from a non-fixed VM or the host. Therefore, it is important to apply fixes to both guest VMs and the host that runs them.\n\n * Known issues:\n\nDue to a known issue with the Meltdown-US fix on BIG-IP platforms equipped with an AMD processor, the system may spontaneously reboot. Refer to the table in the **Impact** section for information about which BIG-IP platforms have an AMD processor. F5 Product Development has assigned ID 719711 to this issue. To work around the issue, you can disable the Meltdown-US fix (BIG-IP platforms with an AMD processor are not vulnerable to Meltdown-US per the table in the** Impact** section). To do so, perform the following procedure:\n\n**Note**: Performing the procedure to disable kernel page-table isolation does not disable the Spectre-PHT fix.\n\n 1. Log in to the BIG-IP command line.\n 2. Disable the kernel page-table isolation (PTI) database key by typing the following command: \n\ntmsh modify sys db kernel.pti value disable\n\n 3. Reboot the BIG-IP system by typing the following command: \n\nreboot\n\n**Note**: A reboot is required for this workaround.\n\n**Important**: This command will interrupt traffic while the BIG-IP system either fails over to a peer system or completes the reboot process. \n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP\n\nThe only roles on a BIG-IP system that can exploit these vulnerabilities are the Administrator, Resource Administrator, Manager, and iRules Manager roles. To mitigate against all three vulnerabilities, ensure that you limit access to these roles to only trusted employees.\n\nTo mitigate the Spectre-BTB vulnerability in multi-tenancy vCMP configurations, ensure that all guests are set to at least two **Cores Per Guest**.\n\nTraffix SDC\n\nFixes for CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 are available from F5 via the following security bulletins for Traffix SDC 5.1.0, 5.0.0, and 4.4.0:\n\n * **5.1.0** \\- security bulletin build 93\n * **5.0.0** \\- security bulletin build 32\n * **4.4.0** \\- security bulletin build 14\n\nFor more information, contact your Traffix SDC Technical Support representative.\n\n * <https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html>\n\n**Note**: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n\n * <https://meltdownattack.com/>\n\n**Note**: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n", "modified": "2019-05-28T22:51:00", "published": "2018-01-04T04:46:00", "id": "F5:K91229003", "href": "https://support.f5.com/csp/article/K91229003", "title": "Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754", "type": "f5", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "amazon": [{"lastseen": "2019-05-29T19:20:45", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system. ([CVE-2019-7221 __](<https://access.redhat.com/security/cve/CVE-2019-7221>))\n\nA use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service issue or, potentially, gain privileged access to a system. ([CVE-2019-6974 __](<https://access.redhat.com/security/cve/CVE-2019-6974>))\n\nAn information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest. ([CVE-2019-7222 __](<https://access.redhat.com/security/cve/CVE-2019-7222>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-4.14.101-75.76.amzn1.i686 \n kernel-tools-devel-4.14.101-75.76.amzn1.i686 \n kernel-tools-debuginfo-4.14.101-75.76.amzn1.i686 \n kernel-debuginfo-4.14.101-75.76.amzn1.i686 \n kernel-headers-4.14.101-75.76.amzn1.i686 \n perf-debuginfo-4.14.101-75.76.amzn1.i686 \n kernel-tools-4.14.101-75.76.amzn1.i686 \n perf-4.14.101-75.76.amzn1.i686 \n kernel-debuginfo-common-i686-4.14.101-75.76.amzn1.i686 \n kernel-devel-4.14.101-75.76.amzn1.i686 \n \n src: \n kernel-4.14.101-75.76.amzn1.src \n \n x86_64: \n kernel-debuginfo-common-x86_64-4.14.101-75.76.amzn1.x86_64 \n perf-debuginfo-4.14.101-75.76.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.101-75.76.amzn1.x86_64 \n kernel-tools-devel-4.14.101-75.76.amzn1.x86_64 \n kernel-headers-4.14.101-75.76.amzn1.x86_64 \n kernel-debuginfo-4.14.101-75.76.amzn1.x86_64 \n kernel-4.14.101-75.76.amzn1.x86_64 \n perf-4.14.101-75.76.amzn1.x86_64 \n kernel-devel-4.14.101-75.76.amzn1.x86_64 \n kernel-tools-4.14.101-75.76.amzn1.x86_64 \n \n \n", "modified": "2019-03-04T23:51:00", "published": "2019-03-04T23:51:00", "id": "ALAS-2019-1165", "href": "https://alas.aws.amazon.com/ALAS-2019-1165.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-04-01T06:47:55", "bulletinFamily": "scanner", "description": "A use-after-free vulnerability was found in the way the Linux kernel", "modified": "2020-04-02T00:00:00", "id": "ALA_ALAS-2019-1165.NASL", "href": "https://www.tenable.com/plugins/nessus/122602", "published": "2019-03-05T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2019-1165)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1165.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122602);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:16\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_xref(name:\"ALAS\", value:\"2019-1165\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1165)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free vulnerability was found in the way the Linux kernel's\nKVM hypervisor emulates a preemption timer for L2 guests when nested\n(=1) virtualization is enabled. This high resolution timer(hrtimer)\nruns when a L2 guest is active. After VM exit, the sync_vmcs12() timer\nobject is stopped. The use-after-free occurs if the timer object is\nfreed before calling sync_vmcs12() routine. A guest user/process could\nuse this flaw to crash the host kernel resulting in a denial of\nservice or, potentially, gain privileged access to a system.\n(CVE-2019-7221)\n\nA use-after-free vulnerability was found in the way the Linux kernel's\nKVM hypervisor implements its device control API. While creating a\ndevice via kvm_ioctl_create_device(), the device holds a reference to\na VM object, later this reference is transferred to the caller's file\ndescriptor table. If such file descriptor was to be closed, reference\ncount to the VM object could become zero, potentially leading to a\nuse-after-free issue. A user/process could use this flaw to crash the\nguest VM resulting in a denial of service issue or, potentially, gain\nprivileged access to a system. (CVE-2019-6974)\n\nAn information leakage issue was found in the way Linux kernel's KVM\nhypervisor handled page fault exceptions while emulating instructions\nlike VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an\noperand. It occurs if the operand is a mmio address, as the returned\nexception object holds uninitialized stack memory contents. A guest\nuser/process could use this flaw to leak host's stack memory contents\nto a guest. (CVE-2019-7222)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1165.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.101-75.76.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.101-75.76.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T06:46:26", "bulletinFamily": "scanner", "description": "A use-after-free vulnerability was found in the way the Linux kernel", "modified": "2020-04-02T00:00:00", "id": "AL2_ALAS-2019-1165.NASL", "href": "https://www.tenable.com/plugins/nessus/122671", "published": "2019-03-08T00:00:00", "title": "Amazon Linux 2 : kernel (ALAS-2019-1165)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1165.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122671);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:16\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_xref(name:\"ALAS\", value:\"2019-1165\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1165)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free vulnerability was found in the way the Linux kernel's\nKVM hypervisor implements its device control API. While creating a\ndevice via kvm_ioctl_create_device(), the device holds a reference to\na VM object, later this reference is transferred to the caller's file\ndescriptor table. If such file descriptor was to be closed, reference\ncount to the VM object could become zero, potentially leading to a\nuse-after-free issue. A user/process could use this flaw to crash the\nguest VM resulting in a denial of service issue or, potentially, gain\nprivileged access to a system.(CVE-2019-6974)\n\nAn information leakage issue was found in the way Linux kernel's KVM\nhypervisor handled page fault exceptions while emulating instructions\nlike VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an\noperand. It occurs if the operand is a mmio address, as the returned\nexception object holds uninitialized stack memory contents. A guest\nuser/process could use this flaw to leak host's stack memory contents\nto a guest.(CVE-2019-7222)\n\nA use-after-free vulnerability was found in the way the Linux kernel's\nKVM hypervisor emulates a preemption timer for L2 guests when nested\n(=1) virtualization is enabled. This high resolution timer(hrtimer)\nruns when a L2 guest is active. After VM exit, the sync_vmcs12() timer\nobject is stopped. The use-after-free occurs if the timer object is\nfreed before calling sync_vmcs12() routine. A guest user/process could\nuse this flaw to crash the host kernel resulting in a denial of\nservice or, potentially, gain privileged access to a\nsystem.(CVE-2019-7221)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1165.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.101-91.76.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.101-91.76.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T07:39:37", "bulletinFamily": "scanner", "description": "The 4.20.8 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "FEDORA_2019-164946AA7F.NASL", "href": "https://www.tenable.com/plugins/nessus/122275", "published": "2019-02-19T00:00:00", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-164946aa7f)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-164946aa7f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122275);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/23 11:21:09\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_xref(name:\"FEDORA\", value:\"2019-164946aa7f\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-164946aa7f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.20.8 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-164946aa7f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-164946aa7f\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-4.20.8-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-4.20.8-200.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-4.20.8-200.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T07:42:52", "bulletinFamily": "scanner", "description": "The 4.20.8 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "FEDORA_2019-3DA64F3E61.NASL", "href": "https://www.tenable.com/plugins/nessus/122278", "published": "2019-02-19T00:00:00", "title": "Fedora 28 : kernel / kernel-headers / kernel-tools (2019-3da64f3e61)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-3da64f3e61.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122278);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/23 11:21:10\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n script_xref(name:\"FEDORA\", value:\"2019-3da64f3e61\");\n\n script_name(english:\"Fedora 28 : kernel / kernel-headers / kernel-tools (2019-3da64f3e61)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.20.8 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-3da64f3e61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-3da64f3e61\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"kernel-4.20.8-100.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-headers-4.20.8-100.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-tools-4.20.8-100.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T06:43:51", "bulletinFamily": "scanner", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the way KVM\n implements its device control API. When a device is\n created via kvm_ioctl_create_device(), it holds a\n reference to a VM object. This reference is transferred\n to file descriptor table of the caller. If such file\n descriptor was closed, reference count to the VM object\n could become zero, which could lead to a use-after-free\n issue. A user/process could use this flaw to crash the\n guest VM resulting in a denial of service or,\n potentially, gain privileged access to a system.\n\n - A use-after-free vulnerability was found in the way KVM\n emulates a preemption timer for L2 guests when nested\n virtualization is enabled. A guest user/process could\n use this flaw to crash the host kernel resulting in a\n denial of service or, potentially, gain privileged\n access to a system.\n\n - It was discovered that a certain sequence of operations\n related to IPv4 routing could trigger a kernel memory\n leak. An attacker could potentially exploit that from a\n container to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "VIRTUOZZO_VZA-2019-046.NASL", "href": "https://www.tenable.com/plugins/nessus/133455", "published": "2020-02-04T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-046)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133455);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/07\");\n\n script_cve_id(\n \"CVE-2019-6974\",\n \"CVE-2019-7221\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-046)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the way KVM\n implements its device control API. When a device is\n created via kvm_ioctl_create_device(), it holds a\n reference to a VM object. This reference is transferred\n to file descriptor table of the caller. If such file\n descriptor was closed, reference count to the VM object\n could become zero, which could lead to a use-after-free\n issue. A user/process could use this flaw to crash the\n guest VM resulting in a denial of service or,\n potentially, gain privileged access to a system.\n\n - A use-after-free vulnerability was found in the way KVM\n emulates a preemption timer for L2 guests when nested\n virtualization is enabled. A guest user/process could\n use this flaw to crash the host kernel resulting in a\n denial of service or, potentially, gain privileged\n access to a system.\n\n - It was discovered that a certain sequence of operations\n related to IPv4 routing could trigger a kernel memory\n leak. An attacker could potentially exploit that from a\n container to cause a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1528/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1530/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1532/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://readykernel.com/patch/1534/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.17.1.vz7.43.10\",\n \"patch\",\"readykernel-patch-43.10-80.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.46.7\",\n \"patch\",\"readykernel-patch-46.7-80.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-80.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.9.1.vz7.63.3\",\n \"patch\",\"readykernel-patch-63.3-80.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T02:25:59", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z]\n(BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z]\n(BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific\nconditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running\ncontroller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices\n[rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin\nqueue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in ", "modified": "2020-04-02T00:00:00", "id": "REDHAT-RHSA-2019-0818.NASL", "href": "https://www.tenable.com/plugins/nessus/124256", "published": "2019-04-24T00:00:00", "title": "RHEL 7 : kernel (RHSA-2019:0818)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0818. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124256);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n script_xref(name:\"RHSA\", value:\"2019:0818\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:0818)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z]\n(BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z]\n(BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific\nconditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running\ncontroller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices\n[rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin\nqueue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in 'backport upstream large stack\nguard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after\nifdown/ifup [rhel-7.6.z] (BZ#1679997)\n\n* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z]\n(BZ#1683078)\n\n* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing\nqrouter fail-over [rhel-7.6.z] (BZ#1683093)\n\n* Openshift node drops outgoing POD traffic due to NAT hashtable race\nin __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of\nigmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter\n[rhel-7.6.z] (BZ#1687487)\n\n* The number of unsolict report about IGMP is incorrect [rhel-7.6.z]\n(BZ# 1688225)\n\n* RDT driver causing failure to boot on AMD Rome system with more than\n255 CPUs [rhel-7.6.z] (BZ#1689120)\n\n* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#\n1690323)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:0818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-6974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7221\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:0818\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:0818\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T02:26:06", "bulletinFamily": "scanner", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673)\n\n* kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.", "modified": "2020-04-02T00:00:00", "id": "REDHAT-RHSA-2019-0833.NASL", "href": "https://www.tenable.com/plugins/nessus/124259", "published": "2019-04-24T00:00:00", "title": "RHEL 7 : kernel-rt (RHSA-2019:0833)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0833. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124259);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/24 15:35:46\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n script_xref(name:\"RHSA\", value:\"2019:0833\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:0833)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673)\n\n* kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:0833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-6974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7221\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:0833\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:0833\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-957.12.1.rt56.927.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-18T02:49:52", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - Kernel: KVM: potential use-after-free via\n kvm_ioctl_create_device() (CVE-2019-6974)\n\n - Kernel: KVM: nVMX: use-after-free of the hrtimer for\n emulation of the preemption timer (CVE-2019-7221)\n\nBug Fix(es) :\n\n - rbd: avoid corruption on partially completed bios\n [rhel-7.6.z]\n\n - xfs_vm_writepages deadly embrace between kworker and\n user task. [rhel-7.6.z]\n\n - Offload Connections always get vlan priority 0\n [rhel-7.6.z]\n\n - [NOKIA] SL sends flood of Neighbour Solicitations under\n specific conditions [rhel-7.6.z]\n\n - SL 7.6 - Host crash occurred on NVMe/IB system while\n running controller reset [rhel-7.6.z]\n\n - [rhel7] raid0 md workqueue deadlock with stacked md\n devices [rhel-7.6.z]\n\n - [PureStorage7.6]nvme disconnect following an\n unsuccessful Admin queue creation causes kernel panic\n [rhel-7.6.z]\n\n - RFC: Regression with -fstack-check in ", "modified": "2019-04-25T00:00:00", "id": "SL_20190423_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/124290", "published": "2019-04-25T00:00:00", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20190423)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124290);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190423)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Kernel: KVM: potential use-after-free via\n kvm_ioctl_create_device() (CVE-2019-6974)\n\n - Kernel: KVM: nVMX: use-after-free of the hrtimer for\n emulation of the preemption timer (CVE-2019-7221)\n\nBug Fix(es) :\n\n - rbd: avoid corruption on partially completed bios\n [rhel-7.6.z]\n\n - xfs_vm_writepages deadly embrace between kworker and\n user task. [rhel-7.6.z]\n\n - Offload Connections always get vlan priority 0\n [rhel-7.6.z]\n\n - [NOKIA] SL sends flood of Neighbour Solicitations under\n specific conditions [rhel-7.6.z]\n\n - SL 7.6 - Host crash occurred on NVMe/IB system while\n running controller reset [rhel-7.6.z]\n\n - [rhel7] raid0 md workqueue deadlock with stacked md\n devices [rhel-7.6.z]\n\n - [PureStorage7.6]nvme disconnect following an\n unsuccessful Admin queue creation causes kernel panic\n [rhel-7.6.z]\n\n - RFC: Regression with -fstack-check in 'backport upstream\n large stack guard patch to SL6' patch [rhel-7.6.z]\n\n - [Hyper-V] [SL 7.6]hv_netvsc: Fix a network regression\n after ifdown/ifup [rhel-7.6.z]\n\n - rtc_cmos: probe of 00:01 failed with error -16\n [rhel-7.6.z]\n\n - ACPI WDAT watchdog update [rhel-7.6.z]\n\n - high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel\n causing qrouter fail-over [rhel-7.6.z]\n\n - Openshift node drops outgoing POD traffic due to NAT\n hashtable race in __ip_conntrack_confirm() [rhel-7.6.z]\n\n - [Backport] [v3,2/2] net: igmp: Allow user-space\n configuration of igmp unsolicited report interval\n [rhel-7.6.z]\n\n - [SL7.6]: Intermittently seen FIFO parity error on\n T6225-SO adapter [rhel-7.6.z]\n\n - The number of unsolict report about IGMP is incorrect\n [rhel-7.6.z]\n\n - RDT driver causing failure to boot on AMD Rome system\n with more than 255 CPUs [rhel-7.6.z]\n\n - mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z]\n\n - rwsem in inconsistent state leading system to hung\n [rhel-7.6.z]\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1904&L=SCIENTIFIC-LINUX-ERRATA&P=6935\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7cab843a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T06:43:08", "bulletinFamily": "scanner", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user/process inside guest could use\n this flaw to crash the guest resulting in DoS or\n potentially escalate their privileges inside guest.\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "VIRTUOZZO_VZA-2017-004.NASL", "href": "https://www.tenable.com/plugins/nessus/97976", "published": "2017-03-27T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-004)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97976);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/01/14 10:10:15\");\n\n script_cve_id(\n \"CVE-2017-2583\",\n \"CVE-2017-2584\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-004)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register\n in long mode. A user/process inside guest could use\n this flaw to crash the guest resulting in DoS or\n potentially escalate their privileges inside guest.\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2734643\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-10.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84a60371\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-10.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2dca61ae\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-10.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7af5a350\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.18.2.vz7.15.2\",\n \"patch\",\"readykernel-patch-15.2-10.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.18.7\",\n \"patch\",\"readykernel-patch-18.7-10.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-327.36.1.vz7.20.18\",\n \"patch\",\"readykernel-patch-20.18-10.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_WARNING, release:\"Virtuozzo-7\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T02:06:27", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2019:0818 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z]\n(BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z]\n(BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific\nconditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running\ncontroller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices\n[rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin\nqueue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in ", "modified": "2020-04-02T00:00:00", "id": "ORACLELINUX_ELSA-2019-0818.NASL", "href": "https://www.tenable.com/plugins/nessus/124254", "published": "2019-04-24T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2019-0818)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:0818 and \n# Oracle Linux Security Advisory ELSA-2019-0818 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124254);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/27 13:00:39\");\n\n script_cve_id(\"CVE-2019-6974\", \"CVE-2019-7221\");\n script_xref(name:\"RHSA\", value:\"2019:0818\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-0818)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:0818 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of\nthe preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z]\n(BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task.\n[rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z]\n(BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific\nconditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running\ncontroller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices\n[rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin\nqueue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in 'backport upstream large stack\nguard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after\nifdown/ifup [rhel-7.6.z] (BZ#1679997)\n\n* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z]\n(BZ#1683078)\n\n* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing\nqrouter fail-over [rhel-7.6.z] (BZ#1683093)\n\n* Openshift node drops outgoing POD traffic due to NAT hashtable race\nin __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of\nigmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter\n[rhel-7.6.z] (BZ#1687487)\n\n* The number of unsolict report about IGMP is incorrect [rhel-7.6.z]\n(BZ# 1688225)\n\n* RDT driver causing failure to boot on AMD Rome system with more than\n255 CPUs [rhel-7.6.z] (BZ#1689120)\n\n* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#\n1690323)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-April/008667.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-6974\", \"CVE-2019-7221\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2019-0818\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.10\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.12.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.12.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "symantec": [{"lastseen": "2019-10-09T00:30:35", "bulletinFamily": "software", "description": "### Description\n\nMultiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * ARM Cortex A15 \n * ARM Cortex A57 \n * ARM Cortex A72 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM Aix 7.2 \n * IBM Vios 2.2.0 \n * Intel 2nd generation Core processors \n * Intel 3rd generation Core processors \n * Intel 4th generation Core processors \n * Intel 5th generation Core processors \n * Intel 6th generation Core processors \n * Intel 7th generation Core processors \n * Intel 8th generation Core processors \n * Intel Atom Processor A Series \n * Intel Atom Processor C Series \n * Intel Atom Processor E Series \n * Intel Atom Processor T Series \n * Intel Atom Processor X Series \n * Intel Atom Processor Z Series \n * Intel Celeron Processor J Series \n * Intel Celeron Processor N Series \n * Intel Core M processor family \n * Intel Core X-series Processor Family for Intel X299 platforms \n * Intel Core X-series Processor Family for Intel X99 platforms \n * Intel Pentium Processor J Series \n * Intel Pentium Processor N Series \n * Intel Pentium Processor Silver Series \n * Intel Xeon Processor E3 Family \n * Intel Xeon Processor E3 v2 Family \n * Intel Xeon Processor E3 v3 Family \n * Intel Xeon Processor E3 v4 Family \n * Intel Xeon Processor E3 v5 Family \n * Intel Xeon Processor E3 v6 Family \n * Intel Xeon Processor E5 Family \n * Intel Xeon Processor E5 v2 Family \n * Intel Xeon Processor E5 v3 Family \n * Intel Xeon Processor E5 v4 Family \n * Intel Xeon Processor E7 Family \n * Intel Xeon Processor E7 v2 Family \n * Intel Xeon Processor E7 v3 Family \n * Intel Xeon Processor E7 v4 Family \n * Intel Xeon processor 3400 series \n * Intel Xeon processor 3600 series \n * Intel Xeon processor 5500 series \n * Intel Xeon processor 5600 series \n * Intel Xeon processor 6500 series \n * Intel Xeon processor 7500 series \n * Microsoft Surface Book 2 \n * Microsoft Surface Laptop \n * Microsoft Surface Pro 3 \n * Microsoft Surface Pro 4 \n * Microsoft Surface Pro Model 1796 \n * Microsoft Surface Pro with Advanced LTE Model 1807 \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for 64-bit Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 R2 for x64-based Systems (Server Core instal SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems (Server Core installation SP2 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems (Server Core installat SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * NetApp SolidFire Element OS Management Node \n * Oracle Solaris 11 \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop 7 \n * Redhat Enterprise Linux EUS Compute Node 6.7 \n * Redhat Enterprise Linux EUS Compute Node 7.3 \n * Redhat Enterprise Linux EUS Compute Node 7.4 \n * Redhat Enterprise Linux EUS Compute Node 7.5 \n * Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 \n * Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 \n * Redhat Enterprise Linux Server - AUS 6.6 \n * Redhat Enterprise Linux Server - AUS 7.2 \n * Redhat Enterprise Linux Server - AUS 7.3 \n * Redhat Enterprise Linux Server - AUS 7.4 \n * Redhat Enterprise Linux Server - Extended Update Support 6.7 \n * Redhat Enterprise Linux Server - Extended Update Support 7.3 \n * Redhat Enterprise Linux Server - Extended Update Support 7.4 \n * Redhat Enterprise Linux Server - Extended Update Support 7.5 \n * Redhat Enterprise Linux Server - TUS 6.6 \n * Redhat Enterprise Linux Server - TUS 7.2 \n * Redhat Enterprise Linux Server - TUS 7.3 \n * Redhat Enterprise Linux Server - TUS 7.4 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.2 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.3 \n * Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.4 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server 7 \n * Redhat Enterprise Linux Server AUS 6.4 \n * Redhat Enterprise Linux Server AUS 6.5 \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation 7 \n * Redhat Enterprise Linux for ARM 64 7 \n * Redhat Enterprise Linux for IBM System z (Structure A) 7 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 \n * Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 \n * Redhat Enterprise Linux for IBM z Systems 7 \n * Redhat Enterprise Linux for Power 9 7 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4 \n * Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.5 \n * Redhat Enterprise Linux for Power, big endian 6 \n * Redhat Enterprise Linux for Power, big endian 7 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4 \n * Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.5 \n * Redhat Enterprise Linux for Power, little endian 7 \n * Redhat Enterprise Linux for Real Time 7 \n * Redhat Enterprise Linux for Real Time for NFV 7 \n * Redhat Enterprise Linux for Scientific Computing 6 \n * Redhat Enterprise Linux for Scientific Computing 7 \n * Redhat Gluster Storage Server for On-premise 3 for RHEL 7 \n * Redhat MRG Realtime 2 \n * Redhat OpenStack 10.0 \n * Redhat OpenStack 12.0 \n * Redhat OpenStack 7.0 \n * Redhat OpenStack 8.0 \n * Redhat OpenStack 9.0 \n * Redhat OpenStack for IBM Power 12.0 \n * Redhat Virtualization - ELS 3 \n * Redhat Virtualization 4 \n * Redhat Virtualization Host 4 \n * Redhat Virtualization Manager 4.2 \n * Redhat Virtualization for IBM Power LE 4 \n * Synology Dsm 5.2 \n * Synology Dsm 6.0 \n * Synology Dsm 6.1 \n * Synology Sky NAS \n * Synology Virtual DSM \n * Ubuntu Ubuntu Linux 14.04 LTS \n * Ubuntu Ubuntu Linux 16.04 LTS \n * Ubuntu Ubuntu Linux 17.10 \n * Ubuntu Ubuntu Linux 18.04 LTS \n * VMWare Fusion 10.0 \n * VMWare Fusion 10.1.1 \n * VMWare Fusion Pro 10.0 \n * VMWare Fusion Pro 10.1.1 \n * VMWare Workstation Player 14.0 \n * VMWare Workstation Player 14.1 \n * VMWare Workstation Player 14.1.1 \n * VMWare Workstation Pro 14.0 \n * VMWare Workstation Pro 14.1 \n * VMWare Workstation Pro 14.1.1 \n * VMWare vCenter Server 5.5 \n * VMWare vCenter Server 6.0 \n * VMWare vCenter Server 6.5 \n * VMWare vCenter Server 6.7 \n * VMWare vSphere ESXi 5.5 \n * VMWare vSphere ESXi 6.0 \n * VMWare vSphere ESXi 6.5 \n * VMWare vSphere ESXi 6.7 \n * Xen Xen \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nGiven the local nature of this issue, grant only trusted and accountable individuals access to affected computers. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-05-21T00:00:00", "published": "2018-05-21T00:00:00", "id": "SMNTC-104232", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/104232", "title": "Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability", "type": "symantec", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:47", "bulletinFamily": "unix", "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-693.1.1.vz7.37.30 (Virtuozzo 7.0.6) and 3.10.0-693.11.6.vz7.40.4 (Virtuozzo 7.0.6 HF3). NOTE: No more patches are planned for kernel 3.10.0-693.1.1.vz7.37.30, support for which ends with this update.\n**Vulnerability id:** CVE-2019-6974\nA use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system.\n\n**Vulnerability id:** CVE-2019-7221\nA use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.\n\n**Vulnerability id:** PSBM-94535\nIt was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service.\n\n", "modified": "2019-06-03T00:00:00", "published": "2019-06-03T00:00:00", "id": "VZA-2019-045", "href": "https://help.virtuozzo.com/s/article/VZA-2019-045", "title": "Important kernel security update: Virtuozzo ReadyKernel patch 80.0 for Virtuozzo 7.0.6 and 7.0.6 HF3", "type": "virtuozzo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-05T11:27:46", "bulletinFamily": "unix", "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-693.17.1.vz7.43.10 (Virtuozzo 7.0.7), 3.10.0-693.21.1.vz7.46.7 (Virtuozzo 7.0.7 HF2), 3.10.0-693.21.1.vz7.48.2 (Virtuozzo 7.0.7 HF3), 3.10.0-862.9.1.vz7.63.3 (Virtuozzo 7.0.8).\n**Vulnerability id:** CVE-2019-6974\nA use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system.\n\n**Vulnerability id:** CVE-2019-7221\nA use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.\n\n**Vulnerability id:** PSBM-94535\nIt was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service.\n\n", "modified": "2019-06-03T00:00:00", "published": "2019-06-03T00:00:00", "id": "VZA-2019-046", "href": "https://help.virtuozzo.com/s/article/VZA-2019-046", "title": "Important kernel security update: Virtuozzo ReadyKernel patch 80.0 for Virtuozzo 7.0.7 to 7.0.8", "type": "virtuozzo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-05T11:27:42", "bulletinFamily": "unix", "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-862.11.6.vz7.64.7 (Virtuozzo 7.0.8 HF1), 3.10.0-862.20.2.vz7.73.24 and 3.10.0-862.20.2.vz7.73.29 (Virtuozzo 7.0 Update 9 and Virtuozzo Infrastructure Platform 2.5).\n**Vulnerability id:** CVE-2019-6974\nA use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system.\n\n**Vulnerability id:** CVE-2019-7221\nA use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.\n\n**Vulnerability id:** PSBM-94535\nIt was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service.\n\n", "modified": "2019-05-30T00:00:00", "published": "2019-05-30T00:00:00", "id": "VZA-2019-042", "href": "https://help.virtuozzo.com/s/article/VZA-2019-042", "title": "Important kernel security update: Virtuozzo ReadyKernel patch 80.0 for Virtuozzo 7.0 Update 9 and Virtuozzo Infrastructure Platform 2.5", "type": "virtuozzo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-05T11:28:16", "bulletinFamily": "unix", "description": "The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo versions 7.0.0, 7.0.1, and 7.0.3.\n**Vulnerability id:** CVE-2017-2583\nLinux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user/process inside guest could use this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest.\n\n**Vulnerability id:** CVE-2017-2584\narch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.\n\n", "modified": "2017-02-03T00:00:00", "published": "2017-02-03T00:00:00", "id": "VZA-2017-004", "href": "https://help.virtuozzo.com/customer/portal/articles/2734643", "title": "Kernel security update: Virtuozzo ReadyKernel patch 10.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)", "type": "virtuozzo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-05T11:28:22", "bulletinFamily": "unix", "description": "This update provides a new kernel 2.6.32-042stab130.1 for Virtuozzo 6.0 that is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.30.1.el6. The new kernel introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-3639\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n\n", "modified": "2018-05-23T00:00:00", "published": "2018-05-23T00:00:00", "id": "VZA-2018-033", "href": "https://help.virtuozzo.com/customer/portal/articles/2940774", "title": "Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-11-05T11:27:58", "bulletinFamily": "unix", "description": "This update provides a new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.30.1.el6. The new kernel introduces security and stability fixes.\n**Vulnerability id:** CVE-2018-3639\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n\n", "modified": "2018-05-23T00:00:00", "published": "2018-05-23T00:00:00", "id": "VZA-2018-032", "href": "https://help.virtuozzo.com/customer/portal/articles/2940773", "title": "Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-11-05T11:27:54", "bulletinFamily": "unix", "description": "This hotfix provides security fixes for the hypervisor part of Virtuozzo 6.0 Update 12.\n**Vulnerability id:** CVE-2018-1087\nA flaw was found in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.\n\n**Vulnerability id:** CVE-2018-3639\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.\n\n", "modified": "2018-05-28T00:00:00", "published": "2018-05-28T00:00:00", "id": "VZA-2018-034", "href": "https://help.virtuozzo.com/customer/portal/articles/2941425", "title": "Important product update: Fixes for CVE-2018-3639 and CVE-2018-1087 in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 26 (6.0.12-3707)", "type": "virtuozzo", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:56", "bulletinFamily": "unix", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673)\n\n* kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "modified": "2019-04-23T16:53:48", "published": "2019-04-23T16:42:49", "id": "RHSA-2019:0833", "href": "https://access.redhat.com/errata/RHSA-2019:0833", "type": "redhat", "title": "(RHSA-2019:0833) Important: kernel-rt security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:41", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)\n\n* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)\n\n* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)\n\n* Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)\n\n* The number of unsolict report about IGMP is incorrect [rhel-7.6.z] (BZ#1688225)\n\n* RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)\n\n* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#1690323)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.", "modified": "2019-04-23T17:37:12", "published": "2019-04-23T16:36:39", "id": "RHSA-2019:0818", "href": "https://access.redhat.com/errata/RHSA-2019:0818", "type": "redhat", "title": "(RHSA-2019:0818) Important: kernel security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "description": "The kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)\n\n* This release also includes next iteration of the CVE-2017-5715 mitigation that includes the SMCCC (Secure Monitor Call Calling Convention) 1.1 support. (CVE-2017-5715, ARM)\n\nRed Hat would like to thank Google Project Zero for reporting CVE-2017-5715 and Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.\n\nBug Fix(es):\n\nThese updated kernel-alt packages include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485851", "modified": "2018-06-26T19:10:27", "published": "2018-06-26T19:04:18", "id": "RHSA-2018:1967", "href": "https://access.redhat.com/errata/RHSA-2018:1967", "type": "redhat", "title": "(RHSA-2018:1967) Important: kernel-alt security and bug fix update", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-01-14T17:40:48", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)\n\n* kernel: TLB flush happens too late on mremap (CVE-2018-18281)\n\n* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* guest softlockup in mem_cgroup_reparent_charges with 800GB guests (BZ#1770111)\n\n* [RHEL7.7] Refined TSC clocksource calibration occasionally fails on some SkyLake-X servers (BZ#1775682)", "modified": "2020-01-14T20:38:34", "published": "2020-01-14T15:21:15", "id": "RHSA-2020:0103", "href": "https://access.redhat.com/errata/RHSA-2020:0103", "type": "redhat", "title": "(RHSA-2020:0103) Important: kernel security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:14", "bulletinFamily": "unix", "description": "[3.10.0-957.12.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-957.12.1]\n- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]\n- [kernel] futex: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]\n- [kernel] futex: Use smp_store_release() in mark_wake_futex() (Waiman Long) [1690323 1547078]\n- [kernel] sched/wake_q: Fix wakeup ordering for wake_q (Waiman Long) [1690323 1547078]\n- [kernel] sched/wake_q: Document wake_q_add() (Waiman Long) [1690323 1547078]\n- [scsi] mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (Tomas Henzl) [1689379 1649288]\n- [x86] cpu: avoid crash in get_cpu_cache_id() (David Arcari) [1689120 1626279]\n- [net] igmp: Allow user-space configuration of igmp unsolicited report interval (Hangbin Liu) [1686771 1663941]\n- [net] igmp: Don't flush routing cache when force_igmp_version is modified (Hangbin Liu) [1686771 1663941]\n- [net] igmp: fix incorrect unsolicit report count after link down and up (Hangbin Liu) [1688225 1623359]\n- [net] igmp: fix incorrect unsolicit report count when join group (Hangbin Liu) [1688225 1623359]\n- [net] igmp: make function __ip_mc_inc_group() static (Hangbin Liu) [1688225 1623359]\n- [net] igmp: Reduce Unsolicited report interval to 1s when using IGMPv3 (Hangbin Liu) [1688225 1623359]\n- [netdrv] cxgb4: Mask out interrupts that are not enabled (Arjun Vynipadath) [1687487 1678729]\n- [acpi] apci / watchdog: enable acpi_watchdog_uses_rtc (David Arcari) [1683078 1663637]\n- [watchdog] simplify getting .drvdata (David Arcari) [1683079 1666393]\n- [acpi] acpi / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (David Arcari) [1683079 1666393]\n- [acpi] acpi / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (David Arcari) [1683079 1666393]\n- [acpi] acpi / watchdog: properly initialize resources (David Arcari) [1683079 1666393]\n- [acpi] acpi / watchdog: Fix init failure with overlapping register regions (David Arcari) [1683079 1666393]\n- [acpi] acpi / watchdog: Print out error number when device creation fails (David Arcari) [1683079 1666393]\n- [net] netfilter: nat: limit port clash resolution attempts (Florian Westphal) [1683093 1654777]\n- [net] netfilter: nat: remove l4 protocol port rovers (Florian Westphal) [1683093 1654777]\n- [net] netfilter: nat: cope with negative port range (Florian Westphal) [1683093 1654777]\n- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1678221 1651416]\n- [nvme] nvme-rdma: fix possible double free of controller async event buffer (David Milburn) [1678214 1659532]\n- [nvme] nvme-rdma: fix possible free of a non-allocated async event buffer (David Milburn) [1678214 1659532]\n- [nvme] nvme-rdma: stop admin queue before freeing it (David Milburn) [1678214 1659532]\n- [nvme] rdma: fix double freeing of async event data (David Milburn) [1678216 1655786]\n- [md] fix memleak for mempool (Nigel Croxon) [1678215 1599780]\n- [md] Memory leak when flush bio size is zero (Nigel Croxon) [1678215 1599780]\n- [md] fix lock contention for flush bios (Nigel Croxon) [1678215 1599780]\n- [net] ipv6: rate-limit probes for neighbourless routes (Sabrina Dubroca) [1677179 1637821]\n- [net] ipv6: Re-arrange code in rt6_probe() (Sabrina Dubroca) [1677179 1637821]\n- [netdrv] cxgb4: update supported DCB version (Arjun Vynipadath) [1673821 1668570]\n- [netdrv] cxgb4: when disabling dcb set txq dcb priority to 0 (Arjun Vynipadath) [1673821 1668570]\n- [kvm] kvm: fix kvm_ioctl_create_device() reference counting (Paolo Bonzini) [1671922 1671923] {CVE-2019-6974}\n- [kvm] KVM: nVMX: unconditionally cancel preemption timer in free_nested (Paolo Bonzini) [1671905 1671906] {CVE-2019-7221}\n- [mm] page-writeback.c: fix range_cyclic writeback vs writepages deadlock (Brian Foster) [1673281 1591574]\n- [fs] rbd: avoid corruption on partially completed bios (Ilya Dryomov) [1672514 1613493]\n[3.10.0-957.11.1]\n- [net] netfilter: nf_nat: skip nat clash resolution for same-origin entries (Florian Westphal) [1686766 1648965]\n- [net] netfilter: nf_conntrack: resolve clash for matching conntracks (Florian Westphal) [1686766 1648965]\n- [net] netfilter: conntrack: skip clash resolution if nat is in place (Florian Westphal) [1686766 1648965]\n- [net] netfilter: conntrack: introduce clash resolution on insertion race (Florian Westphal) [1686766 1648965]\n- [net] netfilter: conntrack: fix race between confirmation and flush (Florian Westphal) [1686766 1648965]\n- [net] netfilter: conntrack: introduce nf_ct_acct_update() (Florian Westphal) [1686766 1648965]\n- [netdrv] hv_netvsc: Fix a network regression after ifdown/ifup (Mohammed Gamal) [1679997 1661632]", "modified": "2019-04-23T00:00:00", "published": "2019-04-23T00:00:00", "id": "ELSA-2019-0818", "href": "http://linux.oracle.com/errata/ELSA-2019-0818.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "unix", "description": "[4.14.35-1844.4.5]\n- x86/apic/x2apic: set back affinity of a single interrupt to one cpu (Mridula Shastry) [Orabug: 29510342]\n[4.14.35-1844.4.4]\n- ext4: fix data corruption caused by unaligned direct AIO (Lukas Czerner) [Orabug: 29598590] \n- swiotlb: checking whether swiotlb buffer is full with io_tlb_used (Dongli Zhang) [Orabug: 29587097] \n- swiotlb: add debugfs to track swiotlb buffer usage (Dongli Zhang) [Orabug: 29587097] \n- swiotlb: fix comment on swiotlb_bounce() (Dongli Zhang) [Orabug: 29587097] \n- scsi: target: add device product id and revision configfs attributes (Alan Adamson) [Orabug: 29344881] \n- scsi: target: remove hardcoded T10 Vendor ID in INQUIRY response (David Disseldorp) [Orabug: 29344881] \n- scsi: target: add device vendor_id configfs attribute (David Disseldorp) [Orabug: 29344881] \n- scsi: target: consistently null-terminate t10_wwn strings (David Disseldorp) [Orabug: 29344881] \n- scsi: target: use consistent left-aligned ASCII INQUIRY data (David Disseldorp) [Orabug: 29344881] \n- x86/speculation: Keep enhanced IBRS on when prctl is used for SSBD control (Alejandro Jimenez) [Orabug: 29526400] \n- drm/amdkfd: fix amdkfd use-after-free GP fault (Randy Dunlap) [Orabug: 29534199]\n[4.14.35-1844.4.3]\n- can: gw: ensure DLC boundaries after CAN frame modification (Oliver Hartkopp) [Orabug: 29215297] {CVE-2019-3701} {CVE-2019-3701}\n[4.14.35-1844.4.2]\n- x86/speculation: Clean up enhanced IBRS checks in bugs.c (Alejandro Jimenez) [Orabug: 29423796] \n- x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used (Alejandro Jimenez) [Orabug: 29423796] \n- kvm/speculation: Allow KVM guests to use SSBD even if host does not (Alejandro Jimenez) [Orabug: 29423796] \n- exec: Fix mem leak in kernel_read_file (YueHaibing) [Orabug: 29454858] {CVE-2019-8980}\n- net: crypto set sk to NULL when af_alg_release. (Mao Wenan) [Orabug: 29454874] {CVE-2019-8912}\n- {net, IB}/mlx5: Raise fatal IB event when sys error occurs (Daniel Jurgens) [Orabug: 29479744] \n- net/mlx5e: Avoid query PPCNT register if not supported by the device (Eyal Davidovich) [Orabug: 29479795] \n- mm: enforce min addr even if capable() in expand_downwards() (Jann Horn) [Orabug: 29501977] {CVE-2019-9213}\n- [UEK-5] IB/mlx5_core: Use kzalloc when allocating PD (Erez Alfasi) [Orabug: 29479806] \n- IB/mlx5: Change debugfs to have per port contents (Parav Pandit) [Orabug: 29486784] \n- Revert 'IB/mlx5: Change debugfs to have per port contents' (Qing Huang) [Orabug: 29486784] \n- scsi: scsi_transport_iscsi: modify detected conn err to KERN_ERR (Fred Herard) [Orabug: 29487789] \n- xen/blkfront: avoid NULL blkfront_info dereference on device removal (Vasilis Liaskovitis) [Orabug: 29489795] \n- qlcnic: fix Tx descriptor corruption on 82xx devices (Shahed Shaikh) [Orabug: 29495427]\n[4.14.35-1844.4.1]\n- scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (Anoob Soman) [Orabug: 29024514] \n- scsi: scsi_transport_iscsi: redirect conn error to console (Fred Herard) [Orabug: 29469713] \n- Revert x86/apic/x2apic: set affinity of a single interrupt to one cpu (Mridula Shastry) [Orabug: 29469651] \n- net/mlx5: Fix error handling in load one (Maor Gottlieb) [Orabug: 29019396] \n- net/mlx5: Fix mlx5_get_uars_page to return error code (Eran Ben Elisha) [Orabug: 29019396] \n- net/mlx5: Fix memory leak in bad flow of mlx5_alloc_irq_vectors (Alaa Hleihel) [Orabug: 29019396] \n- net/mlx4_core: Fix wrong calculation of free counters (Eran Ben Elisha) [Orabug: 29019396] \n- net/mlx5: Free IRQs in shutdown path (Daniel Jurgens) [Orabug: 29019427] \n- net/mlx5e: DCBNL fix min inline header size for dscp (Huy Nguyen) [Orabug: 29019427] \n- IB/mlx4: Fix integer overflow when calculating optimal MTT size (Jack Morgenstein) [Orabug: 29019427] \n- net/mlx5: Fix mlx5_get_vector_affinity function (Israel Rukshin) [Orabug: 29019427] \n- net/mlx5e: Fixed sleeping inside atomic context (Aviad Yehezkel) [Orabug: 29019427] \n- IB/core: Generate GID change event regardless of RoCE GID table property (Parav Pandit) [Orabug: 29019427] \n- net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (Christophe JAILLET) [Orabug: 29019430] \n- IB/mlx4: Use 4K pages for kernel QP's WQE buffer (Jack Morgenstein) [Orabug: 29019795] \n- net/mlx5: Add missing SET_DRIVER_VERSION command translation (Noa Osherovich) [Orabug: 29447325] \n- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (Raed Salem) [Orabug: 29447325] \n- net/mlx5: Fix debugfs cleanup in the device init/remove flow (Jack Morgenstein) [Orabug: 29447325] \n- net/mlx5: Check for error in mlx5_attach_interface (Huy Nguyen) [Orabug: 29447325] \n- net/mlx5: Fix use-after-free in self-healing flow (Jack Morgenstein) [Orabug: 29447325] \n- uek-rpm: update list of removed files, generated by depmod on install stage (Alexander Burmashev) [Orabug: 29460369]\n[4.14.35-1844.4.0]\n- fs/dcache.c: add cond_resched() in shrink_dentry_list() (Nikolay Borisov) [Orabug: 29450975] \n- net_failover: delay taking over primary device to accommodate udevd renaming (Si-Wei Liu) \n- hugetlbfs: fix races and page leaks during migration (Mike Kravetz) [Orabug: 29443877] \n- rds: update correct congestion map for loopback transport (Mukesh Kacker) [Orabug: 29431289] \n- KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) (Peter Shier) [Orabug: 29408638] {CVE-2019-7221}\n- KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) (Paolo Bonzini) [Orabug: 29408618] {CVE-2019-7222}\n- kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) (Jann Horn) [Orabug: 29408541] {CVE-2019-6974}\n- ib_core: initialize shpd field when allocating 'struct ib_pd' (Mukesh Kacker) [Orabug: 29384900] \n- bnxt_en: Return linux standard errors in bnxt_ethtool.c (Vasundhara Volam) [Orabug: 29261957] \n- bnxt_en: Don't set ETS on unused TCs. (Michael Chan) [Orabug: 29261957] \n- bnxt_en: get the reduced max_irqs by the ones used by RDMA (Vasundhara Volam) [Orabug: 29261957] \n- bnxt_en: free hwrm resources, if driver probe fails. (Venkat Duvvuru) [Orabug: 29261957] \n- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (Vasundhara Volam) [Orabug: 29261957] \n- bnxt_en: Fix VNIC reservations on the PF. (Michael Chan) [Orabug: 29261957]", "modified": "2019-04-12T00:00:00", "published": "2019-04-12T00:00:00", "id": "ELSA-2019-4612", "href": "http://linux.oracle.com/errata/ELSA-2019-4612.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:21", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2019:0818\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)\n\n* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)\n\n* xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281)\n\n* Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)\n\n* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)\n\n* RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)\n\n* [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)\n\n* [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)\n\n* RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)\n\n* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)\n\n* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)\n\n* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)\n\n* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)\n\n* Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)\n\n* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)\n\n* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)\n\n* The number of unsolict report about IGMP is incorrect [rhel-7.6.z] (BZ#1688225)\n\n* RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)\n\n* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)\n\n* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#1690323)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-April/023278.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "modified": "2019-04-30T12:00:45", "published": "2019-04-30T12:00:45", "id": "CESA-2019:0818", "href": "http://lists.centos.org/pipermail/centos-announce/2019-April/023278.html", "title": "bpftool, kernel, perf, python security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-02-19T01:01:38", "bulletinFamily": "unix", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and\n bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2019-3459,CVE-2019-3460: Two information leaks in the bluetooth\n stack were fixed. (bnc#1120758).\n - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed.\n (bnc#1124732).\n - CVE-2019-7222: A information leak in exception handling in KVM could be\n used to expose host memory to guests. (bnc#1124735).\n - CVE-2019-6974: A use-after-free in the KVM device control API was\n fixed. (bnc#1124728).\n - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915\n driver were fixed which might have lead to information leaks.\n (bnc#1122971).\n\n The following non-security bugs were fixed:\n\n - 6lowpan: iphc: reset mac_header after decompress to fix panic\n (bsc#1051510).\n - 9p: clear dangling pointers in p9stat_free (bsc#1051510).\n - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510).\n - 9p/net: put a lower bound on msize (bsc#1051510).\n - acpi/nfit: Block function zero DSMs (bsc#1051510).\n - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969).\n - acpi/nfit: Fix command-supported detection (bsc#1051510).\n - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id()\n (bsc#1122662).\n - acpi/nfit: Fix user-initiated ARS to be &quot;ARS-long&quot; rather than\n &quot;ARS-short&quot; (bsc#1124969).\n - ACPI: power: Skip duplicate power resource references in _PRx\n (bsc#1051510).\n - Add delay-init quirk for Corsair K70 RGB keyboards (bsc#1087092).\n - af_iucv: Move sockaddr length checks to before accessing sa_family in\n bind and connect handlers (bsc#1051510).\n - alsa: bebob: fix model-id of unit for Apogee Ensemble (bsc#1051510).\n - alsa: compress: Fix stop handling on compressed capture streams\n (bsc#1051510).\n - alsa: hda - Add mute LED support for HP ProBook 470 G5 (bsc#1051510).\n - alsa: hda/ca0132 - Fix build error without CONFIG_PCI (bsc#1051510).\n - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).\n - alsa: hda/realtek - Fix lose hp_pins for disable auto mute (bsc#1051510).\n - alsa: hda/realtek - Use a common helper for hp pin reference\n (bsc#1051510).\n - alsa: hda - Serialize codec registrations (bsc#1122944).\n - alsa: hda - Use standard device registration for beep (bsc#1122944).\n - alsa: oxfw: add support for APOGEE duet FireWire (bsc#1051510).\n - alsa: usb-audio: Add Opus #3 to quirks for native DSD support\n (bsc#1051510).\n - alsa: usb-audio: Add support for new T+A USB DAC (bsc#1051510).\n - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs\n (bsc#1122927).\n - arm: 8802/1: Call syscall_trace_exit even when system call skipped\n (bsc#1051510).\n - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address\n handling (bsc#1051510).\n - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart\n (bsc#1051510).\n - arm/arm64: kvm:vgic: Force VM halt when changing the active state of\n GICv3 PPIs/SGIs (bsc#1051510).\n - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment\n (bsc#1051510).\n - arm: cns3xxx: Use actual size reads for PCIe (bsc#1051510).\n - arm: imx: update the cpu power up timing setting on i.mx6sx\n (bsc#1051510).\n - arm: kvm:Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1051510).\n - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt (bsc#1051510).\n - arm: OMAP1: ams-delta: Fix possible use of uninitialized field\n (bsc#1051510).\n - arm: OMAP2+: prm44xx: Fix section annotation on\n omap44xx_prm_enable_io_wakeup (bsc#1051510).\n - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).\n - ASoC: rt5514-spi: Fix potential NULL pointer dereference (bsc#1051510).\n - ax25: fix a use-after-free in ax25_fillin_cb()\n (networking-stable-19_01_04).\n - be2net: do not flip hw_features when VXLANs are added/deleted\n (bsc#1050252).\n - blkdev: avoid migration stalls for blkdev pages (bsc#1084216).\n - blk-mq: fix kernel oops in blk_mq_tag_idle() (bsc#1051510).\n - block: break discard submissions into the user defined size (git-fixes).\n - block: cleanup __blkdev_issue_discard() (git-fixes).\n - block: do not deal with discard limit in blkdev_issue_discard()\n (git-fixes).\n - block: fix 32 bit overflow in __blkdev_issue_discard() (git-fixes).\n - block: fix infinite loop if the device loses discard capability\n (git-fixes).\n - block: make sure discard bio is aligned with logical block size\n (git-fixes).\n - block: make sure writesame bio is aligned with logical block size\n (git-fixes).\n - block/swim3: Fix -EBUSY error when re-opening device after unmount\n (git-fixes).\n - bnx2x: Assign unique DMAE channel number for FW DMAE transactions\n (bsc#1086323).\n - bnx2x: Clear fip MAC when fcoe offload support is disabled (bsc#1086323).\n - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw\n (bsc#1086323).\n - bnx2x: Remove configured vlans as part of unload sequence (bsc#1086323).\n - bnx2x: Send update-svid ramrod with retry/poll flags enabled\n (bsc#1086323).\n - bonding: update nest level on unlink (git-fixes).\n - bsg: allocate sense buffer if requested (bsc#1106811).\n - btrfs: qgroup: Fix root item corruption when multiple same source\n snapshots are created with quota enabled (bsc#1122324).\n - can: bcm: check timer values before ktime conversion (bsc#1051510).\n - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by\n removing it (bsc#1051510).\n - can: gw: ensure DLC boundaries after CAN frame modification\n (bsc#1051510).\n - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bsc#1051510).\n - char/mwave: fix potential Spectre v1 vulnerability (bsc#1051510).\n - checkstack.pl: fix for aarch64 (bsc#1051510).\n - cifs: add missing debug entries for kconfig options (bsc#1051510).\n - cifs: add missing support for ACLs in SMB 3.11 (bsc#1051510).\n - cifs: add sha512 secmech (bsc#1051510).\n - cifs: Add support for reading attributes on SMB2+ (bsc#1051510).\n - cifs: Add support for writing attributes on SMB2+ (bsc#1051510).\n - cifs: do not log STATUS_NOT_FOUND errors for DFS (bsc#1051510).\n - cifs: Do not modify mid entry after submitting I/O in cifs_call_async\n (bsc#1051510).\n - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock\n problem (bsc#1051510).\n - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).\n - cifs: fix return value for cifs_listxattr (bsc#1051510).\n - cifs: Fix separator when building path from dentry (bsc#1051510).\n - cifs: fix set info (bsc#1051510).\n - cifs: fix sha512 check in cifs_crypto_secmech_release (bsc#1051510).\n - cifs: fix wrapping bugs in num_entries() (bsc#1051510).\n - cifs: For SMB2 security informaion query, check for minimum sized\n security descriptor instead of sizeof FileAllInformation class\n (bsc#1051510).\n - cifs: hide unused functions (bsc#1051510).\n - cifs: hide unused functions (bsc#1051510).\n - cifs: implement v3.11 preauth integrity (bsc#1051510).\n - cifs: make 'nodfs' mount opt a superblock flag (bsc#1051510).\n - cifs: prevent integer overflow in nxt_dir_entry() (bsc#1051510).\n - cifs: prototype declaration and definition for smb 2 - 3 and cifsacl\n mount options (bsc#1051510).\n - cifs: prototype declaration and definition to set acl for smb 2 - 3 and\n cifsacl mount options (bsc#1051510).\n - cifs: refactor crypto shash/sdesc allocation&amp;free (bsc#1051510).\n - cifs: smb2ops: Fix listxattr() when there are no EAs (bsc#1051510).\n - cifs: Use smb 2 - 3 and cifsacl mount options getacl functions\n (bsc#1051510).\n - cifs: Use smb 2 - 3 and cifsacl mount options setacl function\n (bsc#1051510).\n - cifs: Use ULL suffix for 64-bit constant (bsc#1051510).\n - clk: imx6q: reset exclusive gates on init (bsc#1051510).\n - clk: rockchip: fix typo in rk3188 spdif_frac parent (bsc#1051510).\n - clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock\n (bsc#1051510).\n - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).\n - cpufreq: imx6q: add return value check for voltage scale (bsc#1051510).\n - Cramfs: fix abad comparison when wrap-arounds occur (bsc#1051510).\n - crypto: authencesn - Avoid twice completion call in decrypt path\n (bsc#1051510).\n - crypto: authenc - fix parsing key with misaligned rta_len (bsc#1051510).\n - crypto: bcm - convert to use crypto_authenc_extractkeys() (bsc#1051510).\n - crypto: caam - fix zero-length buffer DMA mapping (bsc#1051510).\n - crypto: user - support incremental algorithm dumps (bsc#1120902).\n - dlm: fixed memory leaks after failed ls_remove_names allocation\n (bsc#1051510).\n - dlm: lost put_lkb on error path in receive_convert() and\n receive_unlock() (bsc#1051510).\n - dlm: memory leaks on error path in dlm_user_request() (bsc#1051510).\n - dlm: possible memory leak on error path in create_lkb() (bsc#1051510).\n - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bsc#1051510).\n - dmaengine: at_hdmac: fix module unloading (bsc#1051510).\n - dmaengine: dma-jz4780: Return error if not probed from DT (bsc#1051510).\n - dmaengine: dw: Fix FIFO size for Intel Merrifield (bsc#1051510).\n - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll\n (bsc#1051510).\n - dm cache metadata: verify cache has blocks in\n blocks_are_clean_separate_dirty() (git-fixes).\n - dm: call blk_queue_split() to impose device limits on bios (git-fixes).\n - dm: do not allow readahead to limit IO size (git-fixes).\n - dm thin: send event about thin-pool state change _after_ making it\n (git-fixes).\n - dm zoned: Fix target BIO completion handling (git-fixes).\n - Do not log expected error on DFS referral request (bsc#1051510).\n - driver core: Move async_synchronize_full call (bsc#1051510).\n - drivers: core: Remove glue dirs from sysfs earlier (bsc#1051510).\n - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bsc#1051510).\n - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo (bsc#1086314\n bsc#1086313 bsc#1086301 ).\n - drivers/sbus/char: add of_node_put() (bsc#1051510).\n - drivers/tty: add missing of_node_put() (bsc#1051510).\n - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock\n (bsc#1113722)\n - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2\n (bsc#1113722)\n - drm/i915/gvt: Fix mmap range check (bsc#1120902)\n - drm/nouveau/tmr: detect stalled gpu timer and break out of waits\n (bsc#1123538).\n - drm/vmwgfx: Fix setting of dma masks (bsc#1120902)\n - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user\n (bsc#1120902)\n - e1000e: allow non-monotonic SYSTIM readings (bsc#1051510).\n - exportfs: do not read dentry after free (bsc#1051510).\n - ext4: Fix crash during online resizing (bsc#1122779).\n - fanotify: fix handling of events on child sub-directory (bsc#1122019).\n - fat: validate -&gt;i_start before using (bsc#1051510).\n - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y (bsc#1051510).\n - fork: do not copy inconsistent signal handler state to child\n (bsc#1051510).\n - fork: record start_time late (git-fixes).\n - fork: unconditionally clear stack on fork (git-fixes).\n - fs/cifs: require sha512 (bsc#1051510).\n - gpio: altera-a10sr: Set proper output level for direction_output\n (bsc#1051510).\n - gpio: pcf857x: Fix interrupts on multiple instances (bsc#1051510).\n - gpio: pl061: handle failed allocations (bsc#1051510).\n - gpio: pl061: Move irq_chip definition inside struct pl061 (bsc#1051510).\n - gpio: vf610: Mask all GPIO interrupts (bsc#1051510).\n - gro_cell: add napi_disable in gro_cells_destroy\n (networking-stable-19_01_04).\n - hfs: do not free node before using (bsc#1051510).\n - hfsplus: do not free node before using (bsc#1051510).\n - hfsplus: prevent btree data loss on root split (bsc#1051510).\n - hfs: prevent btree data loss on root split (bsc#1051510).\n - i2c: dev: prevent adapter retries and timeout being set as minus value\n (bsc#1051510).\n - i40e: fix mac filter delete when setting mac address (bsc#1056658\n bsc#1056662).\n - i40e: report correct statistics when XDP is enabled (bsc#1056658\n bsc#1056662).\n - i40e: restore NETIF_F_GSO_IPXIP to netdev features (bsc#1056658\n bsc#1056662).\n - ibmveth: Do not process frames after calling napi_reschedule\n (bcs#1123357).\n - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path\n (networking-stable-19_01_04).\n - ibmvnic: Add ethtool private flag for driver-defined queue limits\n (bsc#1121726).\n - ibmvnic: Increase maximum queue size limit (bsc#1121726).\n - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).\n - ide: pmac: add of_node_put() (bsc#1051510).\n - ieee802154: lowpan_header_create check must check daddr\n (networking-stable-19_01_04).\n - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G\n (bsc#1051510).\n - input: omap-keypad - fix idle configuration to not block SoC idle states\n (bsc#1051510).\n - input: raspberrypi-ts - fix link error (git-fixes).\n - input: restore EV_ABS ABS_RESERVED (bsc#1051510).\n - input: synaptics - enable RMI on ThinkPad T560 (bsc#1051510).\n - input: synaptics - enable SMBus for HP EliteBook 840 G4 (bsc#1051510).\n - input: xpad - add support for SteelSeries Stratus Duo (bsc#1111666).\n - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).\n - iommu/amd: Fix IOMMU page flush when detach device from a domain\n (bsc#1106105).\n - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).\n - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()\n (bsc#1106105).\n - ip6mr: Fix potential Spectre v1 vulnerability\n (networking-stable-19_01_04).\n - ipmi:pci: Blacklist a Realtek &quot;IPMI&quot; device (git-fixes).\n - ipmi:ssif: Fix handling of multi-part return messages (bsc#1051510).\n - ip: on queued skb use skb_header_pointer instead of pskb_may_pull\n (git-fixes).\n - ipv4: Fix potential Spectre v1 vulnerability\n (networking-stable-19_01_04).\n - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes\n (networking-stable-18_12_12).\n - ipv6: Check available headroom in ip6_xmit() even without options\n (networking-stable-18_12_12).\n - ipv6: explicitly initialize udp6_addr in udp_sock_create6()\n (networking-stable-19_01_04).\n - ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output\n (networking-stable-18_12_12).\n - ipv6: tunnels: fix two use-after-free (networking-stable-19_01_04).\n - ip: validate header length on virtual device xmit\n (networking-stable-19_01_04).\n - iscsi target: fix session creation failure handling (bsc#1051510).\n - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bsc#1051510).\n - iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).\n - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares\n (bsc#1119086).\n - jffs2: Fix use of uninitialized delayed_work, lockdep breakage\n (bsc#1051510).\n - kABI: fix xhci kABI stability (bsc#1119086).\n - kABI: protect struct sctp_association (kabi).\n - kABI workaround for deleted snd_hda_register_beep_device() (bsc#1122944).\n - kABI workaround for snd_hda_bus.bus_probing addition (bsc#1122944).\n - kdb: use memmove instead of overlapping memcpy (bsc#1120954).\n - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes\n (git-fixes).\n - kvm: arm/arm64: Properly protect VGIC locks from IRQs (bsc#1117155).\n - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity\n (bsc#1117155).\n - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock\n (bsc#1117155).\n - kvm: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls\n (bsc#1117155).\n - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9 supports 1T\n segments (bsc#1124589).\n - kvm: sev: Fail KVM_SEV_INIT if already initialized (bsc#1114279).\n - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).\n - lan78xx: Resolve issue with changing MAC address (bsc#1051510).\n - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n - lib/rbtree-test: lower default params (git-fixes).\n - lockd: fix access beyond unterminated strings in prints (git-fixes).\n - LSM: Check for NULL cred-security on free (bsc#1051510).\n - md: fix raid10 hang issue caused by barrier (git-fixes).\n - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info\n (bsc#1051510).\n - media: usb: pwc: Do not use coherent DMA buffers for ISO transfer\n (bsc#1054610).\n - media: v4l2-tpg: array index could become negative (bsc#1051510).\n - media: v4l: ioctl: Validate num_planes for debug messages (bsc#1051510).\n - media: vb2: be sure to unlock mutex on errors (bsc#1051510).\n - media: vb2: vb2_mmap: move lock up (bsc#1051510).\n - media: vivid: fix error handling of kthread_run (bsc#1051510).\n - media: vivid: free bitmap_cap when updating std/timings/etc\n (bsc#1051510).\n - media: vivid: set min width/height to a value &gt; 0 (bsc#1051510).\n - mfd: ab8500-core: Return zero in get_register_interruptible()\n (bsc#1051510).\n - mfd: tps6586x: Handle interrupts on suspend (bsc#1051510).\n - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data\n (bsc#1051510).\n - misc: hmc6352: fix potential Spectre v1 (bsc#1051510).\n - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup\n (bsc#1051510).\n - misc: mic: SCIF Fix scif_get_new_port() error handling (bsc#1051510).\n - misc: sram: enable clock before registering regions (bsc#1051510).\n - misc: sram: fix resource leaks in probe error path (bsc#1051510).\n - misc: ti-st: Fix memory leak in the error path of probe() (bsc#1051510).\n - misc: vexpress: Off by one in vexpress_syscfg_exec() (bsc#1051510).\n - mmc: atmel-mci: do not assume idle after atmci_request_end (bsc#1051510).\n - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1051510).\n - mmc: dw_mmc-bluefield: : Fix the license information (bsc#1051510).\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe\n (bsc#1051510).\n - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM\n Functionality, bsc#1121599).\n - mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality,\n bsc#1121599).\n - mm/huge_memory: splitting set mapping+index before unfreeze (VM\n Functionality, bsc#1121599).\n - mm/khugepaged: collapse_shmem() do not crash on Compound (VM\n Functionality, bsc#1121599).\n - mm/khugepaged: collapse_shmem() remember to clear holes (VM\n Functionality, bsc#1121599).\n - mm/khugepaged: collapse_shmem() stop if punched or truncated (VM\n Functionality, bsc#1121599).\n - mm/khugepaged: collapse_shmem() without freezing new_page (VM\n Functionality, bsc#1121599).\n - mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality,\n bsc#1121599).\n - mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality,\n bsc#1121599).\n - mm: migrate: lock buffers before migrate_page_move_mapping()\n (bsc#1084216).\n - mm: migrate: Make buffer_migrate_page_norefs() actually succeed\n (bsc#1084216)\n - mm: migrate: provide buffer_migrate_page_norefs() (bsc#1084216).\n - mm: migration: factor out code to compute expected number of page\n references (bsc#1084216).\n - Move the upstreamed HD-audio fix into sorted section\n - mpt3sas: check sense buffer before copying sense data (bsc#1106811).\n - neighbour: Avoid writing before skb-&gt;head in neigh_hh_output()\n (networking-stable-18_12_12).\n - net: 8139cp: fix a BUG triggered by changing mtu with network traffic\n (networking-stable-18_12_12).\n - net: core: Fix Spectre v1 vulnerability (networking-stable-19_01_04).\n - net/hamradio/6pack: use mod_timer() to rearm timers\n (networking-stable-19_01_04).\n - net: hns3: add error handler for hns3_nic_init_vector_data()\n (bsc#1104353).\n - net: hns3: add handling for big TX fragment (bsc#1104353 ).\n - net: hns3: Fix client initialize state issue when roce client initialize\n failed (bsc#1104353).\n - net: hns3: Fix for loopback selftest failed problem (bsc#1104353 ).\n - net: hns3: fix for multiple unmapping DMA problem (bsc#1104353 ).\n - net: hns3: Fix tc setup when netdev is first up (bsc#1104353 ).\n - net: hns3: Fix tqp array traversal condition for vf (bsc#1104353 ).\n - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353 ).\n - net: hns3: remove hns3_fill_desc_tso (bsc#1104353).\n - net: hns3: rename hns_nic_dma_unmap (bsc#1104353).\n - net: hns3: rename the interface for init_client_instance and\n uninit_client_instance (bsc#1104353).\n - net: macb: restart tx after tx used bit read\n (networking-stable-19_01_04).\n - net/mlx4_en: Change min MTU size to ETH_MIN_MTU\n (networking-stable-18_12_12).\n - net/mlx5e: Remove the false indication of software timestamping support\n (networking-stable-19_01_04).\n - net/mlx5: Typo fix in del_sw_hw_rule (networking-stable-19_01_04).\n - net: phy: do not allow __set_phy_supported to add unsupported modes\n (networking-stable-18_12_12).\n - net: phy: Fix the issue that netif always links up after resuming\n (networking-stable-19_01_04).\n - netrom: fix locking in nr_find_socket() (networking-stable-19_01_04).\n - net: skb_scrub_packet(): Scrub offload_fwd_mark\n (networking-stable-18_12_03).\n - net/smc: fix TCP fallback socket release (networking-stable-19_01_04).\n - net: stmmac: Fix PCI module removal leak (git-fixes).\n - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue\n (networking-stable-18_12_03).\n - net: thunderx: set xdp_prog to NULL if bpf_prog_add fails\n (networking-stable-18_12_03).\n - net/wan: fix a double free in x25_asy_open_tty()\n (networking-stable-19_01_04).\n - nfsd: COPY and CLONE operations require the saved filehandle to be set\n (git-fixes).\n - nfsd: Fix an Oops in free_session() (git-fixes).\n - nfs: Fix a missed page unlock after pg_doio() (git-fixes).\n - NFS: Fix up return value on fatal errors in nfs_page_async_flush()\n (git-fixes).\n - NFSv4.1: Fix the r/wsize checking (git-fixes).\n - NFSv4: Do not exit the state manager without clearing\n NFS4CLNT_MANAGER_RUNNING (git-fixes).\n - nvme-multipath: round-robin I/O policy (bsc#1110705).\n - omap2fb: Fix stack memory disclosure (bsc#1120902)\n - packet: Do not leak dev refcounts on error exit (git-fixes).\n - packet: validate address length if non-zero (networking-stable-19_01_04).\n - packet: validate address length (networking-stable-19_01_04).\n - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318).\n - phonet: af_phonet: Fix Spectre v1 vulnerability\n (networking-stable-19_01_04).\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes\n (bsc#1051510).\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bsc#1051510).\n - platform/x86: asus-wmi: Tell the EC the OS will handle the display off\n hotkey (bsc#1051510).\n - powerpc: Always save/restore checkpointed regs during\n treclaim/trecheckpoint (bsc#1118338).\n - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores\n (bsc#1109695).\n - powerpc: Detect the presence of big-cores via &quot;ibm, thread-groups&quot;\n (bsc#1109695).\n - powerpc: make use of for_each_node_by_type() instead of open-coding it\n (bsc#1109695).\n - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for deep state\n offline (bsc#1119766, bsc#1055121).\n - powerpc/powernv: Clear PECE1 in LPCR via stop-api only on Hotplug\n (bsc#1119766, bsc#1055121).\n - powerpc: Remove facility loadups on transactional {fp, vec, vsx}\n unavailable (bsc#1118338).\n - powerpc: Remove redundant FP/Altivec giveup code (bsc#1118338).\n - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n - powerpc/smp: Add Power9 scheduler topology (bsc#1109695).\n - powerpc/smp: Rework CPU topology construction (bsc#1109695).\n - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).\n - powerpc/tm: Avoid machine crash on rt_sigreturn (bsc#1118338).\n - powerpc/tm: Do not check for WARN in TM Bad Thing handling (bsc#1118338).\n - powerpc/tm: Fix comment (bsc#1118338).\n - powerpc/tm: Fix endianness flip on trap (bsc#1118338).\n - powerpc/tm: Fix HFSCR bit for no suspend case (bsc#1118338).\n - powerpc/tm: Fix HTM documentation (bsc#1118338).\n - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM (bsc#1118338).\n - powerpc/tm: P9 disable transactionally suspended sigcontexts\n (bsc#1118338).\n - powerpc/tm: Print 64-bits MSR (bsc#1118338).\n - powerpc/tm: Print scratch value (bsc#1118338).\n - powerpc/tm: Reformat comments (bsc#1118338).\n - powerpc/tm: Remove msr_tm_active() (bsc#1118338).\n - powerpc/tm: Remove struct thread_info param from tm_reclaim_thread()\n (bsc#1118338).\n - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).\n - powerpc/tm: Set MSR[TS] just prior to recheckpoint (bsc#1118338,\n bsc#1120955).\n - powerpc/tm: Unset MSR[TS] if not recheckpointing (bsc#1118338).\n - powerpc/tm: Update function prototype comment (bsc#1118338).\n - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores\n (bsc#1109695).\n - powerpc/xmon: Fix invocation inside lock region (bsc#1122885).\n - pstore/ram: Avoid allocation and leak of platform data (bsc#1051510).\n - pstore/ram: Avoid NULL deref in ftrace merging failure path\n (bsc#1051510).\n - pstore/ram: Correctly calculate usable PRZ bytes (bsc#1051510).\n - pstore/ram: Do not treat empty buffers as valid (bsc#1051510).\n - ptp_kvm: probe for kvm guest availability (bsc#1098382).\n - ptr_ring: wrap back -&gt;producer in __ptr_ring_swap_queue()\n (networking-stable-19_01_04).\n - qed: Avoid constant logical operation warning in qed_vf_pf_acquire\n (bsc#1086314 bsc#1086313 bsc#1086301).\n - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt\n (bsc#1086314 bsc#1086313 bsc#1086301 ).\n - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor\n (bsc#1086314 bsc#1086313 bsc#1086301 ).\n - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info\n (bsc#1086314 bsc#1086313 bsc#1086301 ).\n - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314 bsc#1086313\n bsc#1086301).\n - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313 bsc#1086301).\n - qed: Fix blocking/unlimited SPQ entries leak (bsc#1086314 bsc#1086313\n bsc#1086301).\n - qed: Fix command number mismatch between driver and the mfw (bsc#1086314\n bsc#1086313 bsc#1086301 ).\n - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv (bsc#1086314\n bsc#1086313 bsc#1086301).\n - qed: Fix memory/entry leak in qed_init_sp_request() (bsc#1086314\n bsc#1086313 bsc#1086301).\n - qed: Fix potential memory corruption (bsc#1086314 bsc#1086313\n bsc#1086301).\n - qed: Fix PTT leak in qed_drain() (bsc#1086314 bsc#1086313 bsc#1086301).\n - qed: Fix QM getters to always return a valid pq (bsc#1086314 bsc#1086313\n bsc#1086301).\n - qed: Fix rdma_info structure allocation (bsc#1086314 bsc#1086313\n bsc#1086301).\n - qed: Fix reading wrong value in loop condition (bsc#1086314 bsc#1086313\n bsc#1086301).\n - qla2xxx: Fixup dual-protocol FCP connections (bsc#1108870).\n - qmi_wwan: Added support for Fibocom NL668 series\n (networking-stable-19_01_04).\n - qmi_wwan: Added support for Telit LN940 series\n (networking-stable-19_01_04).\n - qmi_wwan: Add support for Fibocom NL678 series\n (networking-stable-19_01_04).\n - rapidio/rionet: do not free skb before reading its length\n (networking-stable-18_12_03).\n - RDMA/core: Fix unwinding flow in case of error to register device\n (bsc#1046306).\n - Revert &quot;serial: 8250: Fix clearing FIFOs in RS485 mode again&quot;\n (bsc#1051510).\n - rpm/release-projects: Add SUSE:Maintenance:* for MU kernels (bsc#1123317)\n - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices\n (networking-stable-18_12_12).\n - s390/zcrypt: fix specification exception on z196 during ap probe\n (LTC#174936, bsc#1123061).\n - sbus: char: add of_node_put() (bsc#1051510).\n - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).\n - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes\n - scripts/git_sort/git_sort.py: Add s390/linux.git fixes.\n - scsi: qedi: Add ep_state for login completion on un-reachable targets\n (bsc#1113712).\n - scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter\n (bsc#1124985).\n - scsi: target: make the pi_prot_format ConfigFS path readable\n (bsc#1123933).\n - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event\n (networking-stable-19_01_04).\n - sctp: kfree_rcu asoc (networking-stable-18_12_12).\n - selftests/powerpc: Use snprintf to construct DSCR sysfs interface paths\n (bsc#1124579).\n - selinux: Add __GFP_NOWARN to allocation at str_read() (bsc#1051510).\n - selinux: fix GPF on invalid policy (bsc#1051510).\n - serial: imx: fix error handling in console_setup (bsc#1051510).\n - serial: set suppress_bind_attrs flag only if builtin (bsc#1051510).\n - serial/sunsu: fix refcount leak (bsc#1051510).\n - serial: uartps: Fix interrupt mask issue to handle the RX interrupts\n properly (bsc#1051510).\n - shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).\n - shmem: shmem_charge: verify max_block is not exceeded before inode\n update (VM Functionality, bsc#1121599).\n - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid\n namespace init (git-fixes).\n - slab: alien caches must not be initialized if the allocation of the\n alien cache failed (git fixes (mm/slab)).\n - smb3.1.1 dialect is no longer experimental (bsc#1051510).\n - smb311: Fix reconnect (bsc#1051510).\n - smb3: Add support for multidialect negotiate (SMB2.1 and later)\n (bsc#1051510).\n - smb3: allow stats which track session and share reconnects to be reset\n (bsc#1051510).\n - smb3: Backup intent flag missing for directory opens with backupuid\n mounts (bsc#1051510).\n - smb3: check for and properly advertise directory lease support\n (bsc#1051510).\n - smb3: directory sync should not return an error (bsc#1051510).\n - smb3: do not attempt cifs operation in smb3 query info error path\n (bsc#1051510).\n - smb3: do not request leases in symlink creation and query (bsc#1051510).\n - smb3: Do not send SMB3 SET_INFO if nothing changed (bsc#1051510).\n - smb3: enumerating snapshots was leaving part of the data off end\n (bsc#1051510).\n - smb3: Fix length checking of SMB3.11 negotiate request (bsc#1051510).\n - smb3: Fix root directory when server returns inode number of zero\n (bsc#1051510).\n - smb3: fix various xid leaks (bsc#1051510).\n - smb3: Improve security, move default dialect to SMB3 from old CIFS\n (bsc#1051510).\n - smb3: on kerberos mount if server does not specify auth type use krb5\n (bsc#1051510).\n - smb3: Remove ifdef since SMB3 (and later) now STRONGLY preferred\n (bsc#1051510).\n - smb3: simplify code by removing CONFIG_CIFS_SMB311 (bsc#1051510).\n - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1\n (bsc#1051510).\n - sunrpc: correct the computation for page_ptr when truncating (git-fixes).\n - sunrpc: Fix a potential race in xprt_connect() (git-fixes).\n - sunrpc: Fix leak of krb5p encode pages (git-fixes).\n - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).\n - sunrpc: safely reallow resvport min/max inversion (git-fixes).\n - tcp: Do not underestimate rwnd_limited (networking-stable-18_12_12).\n - tcp: fix a race in inet_diag_dump_icsk() (networking-stable-19_01_04).\n - tcp: fix NULL ref in tail loss probe (networking-stable-18_12_12).\n - tcp: lack of available data can also cause TSO defer (git-fixes).\n - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bsc#1051510).\n - tipc: compare remote and local protocols in tipc_udp_enable()\n (networking-stable-19_01_04).\n - tipc: fix a double kfree_skb() (networking-stable-19_01_04).\n - tipc: use lock_sock() in tipc_sk_reinit() (networking-stable-19_01_04).\n - tools/lib/lockdep: Rename &quot;trywlock&quot; into &quot;trywrlock&quot; (bsc#1121973).\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc present\n (bsc#1051510).\n - tty: Handle problem if line discipline does not have receive_buf\n (bsc#1051510).\n - tty/n_hdlc: fix __might_sleep warning (bsc#1051510).\n - tty/serial: do not free trasnmit buffer page under port lock\n (bsc#1051510).\n - tun: forbid iface creation with rtnl ops (networking-stable-18_12_12).\n - uart: Fix crash in uart_write and uart_put_char (bsc#1051510).\n - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB\n (bsc#1120902).\n - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bsc#1120902).\n - usb: dwc3: gadget: Clear req-&gt;needs_extra_trb flag on cleanup\n (bsc#1120902).\n - usb: dwc3: trace: add missing break statement to make compiler happy\n (bsc#1120902).\n - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2\n (networking-stable-18_12_03).\n - usb: serial: option: add Fibocom NL678 series (bsc#1120902).\n - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays\n (bsc#1120902).\n - usb: storage: add quirk for SMI SM3350 (bsc#1120902).\n - usb: storage: do not insert sane sense for SPC3+ when bad sense\n specified (bsc#1120902).\n - usb: xhci: fix 'broken_suspend' placement in struct xchi_hcd\n (bsc#1119086).\n - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n - vhost: make sure used idx is seen before log in vhost_add_used_n()\n (networking-stable-19_01_04).\n - virtio-net: fail XDP set if guest csum is negotiated\n (networking-stable-18_12_03).\n - virtio-net: keep vnet header zeroed after processing XDP\n (networking-stable-18_12_12).\n - vsock: Send reset control packet when socket is partially bound\n (networking-stable-19_01_04).\n - vt: invoke notifier on screen size change (bsc#1051510).\n - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).\n - writeback: do not decrement wb-&gt;refcnt if !wb-&gt;bdi (git fixes\n (writeback)).\n - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).\n - x86/bugs: Update when to check for the LS_CFG SSBD mitigation\n (bsc#1114279).\n - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock (bsc#1098382).\n - x86/MCE: Initialize mce.bank in the case of a fatal error in\n mce_no_way_out() (bsc#1114279).\n - x86/microcode/amd: Do not falsely trick the late loading mechanism\n (bsc#1114279).\n - x86/mm: Drop usage of __flush_tlb_all() in\n kernel_physical_mapping_init() (bsc#1114279).\n - x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE\n (bsc#1114279).\n - x86/pvclock: add setter for pvclock_pvti_cpu0_va (bsc#1098382).\n - x86/resctrl: Fix rdt_find_domain() return value and checks (bsc#1114279).\n - x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC\n variant (bsc#1114279).\n - x86/speculation: Remove redundant arch_smt_update() invocation\n (bsc#1114279).\n - x86/xen/time: Output xen sched_clock time from 0 (bsc#1098382).\n - x86/xen/time: set pvclock flags on xen_time_init() (bsc#1098382).\n - x86/xen/time: setup vcpu 0 time info page (bsc#1098382).\n - xen: Fix x86 sched_clock() interface for xen (bsc#1098382).\n - xhci: Add quirk to zero 64bit registers on Renesas PCIe controllers\n (bsc#1120854).\n - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC (bsc#1119086).\n - xprtrdma: Reset credit grant properly after a disconnect (git-fixes).\n\n", "modified": "2019-02-18T21:16:13", "published": "2019-02-18T21:16:13", "id": "OPENSUSE-SU-2019:0203-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-01T17:36:59", "bulletinFamily": "unix", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive various\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-5391: Fixed a vulnerability, which allowed an attacker to cause\n a denial of service attack with low rates of packets targeting IP\n fragment re-assembly. (bsc#1103097)\n - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM\n hypervisor related to the emulation of a preemption timer, allowing an\n guest user/process to crash the host kernel. (bsc#1124732).\n - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor\n related to handling page fault exceptions, which allowed a guest\n user/process to use this flaw to leak the host's stack memory contents\n to a guest (bsc#1124735).\n\n The following non-security bugs were fixed:\n\n - ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382).\n - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages\n (bnc#1012382).\n - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382).\n - Documentation/network: reword kernel version reference (bnc#1012382).\n - IB/core: type promotion bug in rdma_rw_init_one_mr() ().\n - IB/rxe: Fix incorrect cache cleanup in error flow ().\n - IB/rxe: replace kvfree with vfree ().\n - NFC: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382).\n - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ).\n - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446).\n - Revert &quot;Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire\n F5-573G&quot; (bnc#1012382).\n - Revert &quot;cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy\n (insecure cifs)&quot; (bnc#1012382).\n - Revert &quot;exec: load_script: do not blindly truncate shebang string&quot;\n (bnc#1012382).\n - Revert &quot;loop: Fix double mutex_unlock(&amp;loop_ctl_mutex) in\n loop_control_ioctl()&quot; (bnc#1012382).\n - Revert &quot;loop: Fold __loop_release into loop_release&quot; (bnc#1012382).\n - Revert &quot;loop: Get rid of loop_index_mutex&quot; (bnc#1012382).\n - Revert &quot;mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).&quot;\n - Revert most of 4.4.174 (kabi).\n - acpi, nfit: Fix ARS overflow continuation (bsc#1125000).\n - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value\n (bsc#1124775).\n - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382).\n - alpha: fix page fault handling for r16-r18 targets (bnc#1012382).\n - alsa: compress: Fix stop handling on compressed capture streams\n (bnc#1012382).\n - alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382).\n - alsa: hda - Serialize codec registrations (bnc#1012382).\n - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382).\n - arc: perf: map generic branches to correct hardware condition\n (bnc#1012382).\n - arm64: KVM: Skip MMIO insn after emulation (bnc#1012382).\n - arm64: ftrace: do not adjust the LR value (bnc#1012382).\n - arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382).\n - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382).\n - arm: OMAP2+: hwmod: Fix some section annotations (bnc#1012382).\n - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment\n (bnc#1012382).\n - arm: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382).\n - arm: dts: da850-evm: Correct the sound card name (bnc#1012382).\n - arm: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382).\n - arm: dts: mmp2: fix TWSI2 (bnc#1012382).\n - arm: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382).\n - arm: pxa: avoid section mismatch warning (bnc#1012382).\n - batman-adv: Avoid WARN on net_device without parent in netns\n (bnc#1012382).\n - batman-adv: Force mac header to start of data on xmit (bnc#1012382).\n - bluetooth: Fix unnecessary error message for HCI request completion\n (bnc#1012382).\n - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces\n (bsc#1020413).\n - can: bcm: check timer values before ktime conversion (bnc#1012382).\n - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by\n removing it (bnc#1012382).\n - ceph: clear inode pointer when snap realm gets dropped by its inode\n (bsc#1125809).\n - char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382).\n - cifs: Always resolve hostname before reconnecting (bnc#1012382).\n - cifs: Do not count -ENODATA as failure for query directory (bnc#1012382).\n - cifs: Fix possible hang during async MTU reads and writes (bnc#1012382).\n - cifs: Limit memory used by lock request calls to a page (bnc#1012382).\n - cifs: check ntwrk_buf_start for NULL before dereferencing it\n (bnc#1012382).\n - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382).\n - cpufreq: intel_pstate: Fix HWP on boot CPU after system resume\n (bsc#1120017).\n - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382).\n - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382).\n - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382).\n - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()\n (bnc#1012382).\n - dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382).\n - debugfs: fix debugfs_rename parameter checking (bnc#1012382).\n - dlm: Do not swamp the CPU with callbacks queued during recovery\n (bnc#1012382).\n - dm thin: fix bug where bio that overwrites thin block ignores FUA\n (bnc#1012382).\n - dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382).\n - drbd: Avoid Clang warning about pointless switch statment (bnc#1012382).\n - drbd: disconnect, if the wrong UUIDs are attached on a connected peer\n (bnc#1012382).\n - drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382).\n - drbd: skip spurious timeout (ping-timeo) when failing promote\n (bnc#1012382).\n - drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382).\n - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382).\n - drm/i915: Block fbdev HPD processing during suspend (bsc#1106929)\n - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set\n (bsc#1106929)\n - drm/modes: Prevent division by zero htotal (bnc#1012382).\n - drm/vmwgfx: Fix setting of dma masks (bsc#1106929)\n - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user\n (bsc#1106929)\n - enic: fix checksum validation for IPv6 (bnc#1012382).\n - exec: load_script: do not blindly truncate shebang string (bnc#1012382).\n - f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382).\n - f2fs: move dir data flush to write checkpoint process (bnc#1012382).\n - f2fs: read page index before freeing (bnc#1012382).\n - fs/dcache: Fix incorrect nr_dentry_unused accounting in\n shrink_dcache_sb() (bnc#1012382).\n - fs/epoll: drop ovflist branch prediction (bnc#1012382).\n - fs: add the fsnotify call to vfs_iter_write (bnc#1012382).\n - fs: do not scan the inode cache before SB_BORN is set (bnc#1012382).\n - fs: fix lost error code in dio_complete (bsc#1117744).\n - fuse: call pipe_buf_release() under pipe lock (bnc#1012382).\n - fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382).\n - fuse: handle zero sized retrieve correctly (bnc#1012382).\n - futex: Fix (possible) missed wakeup (bsc#1050549).\n - gdrom: fix a memory leak bug (bnc#1012382).\n - gfs2: Revert &quot;Fix loop in gfs2_rbm_find&quot; (bnc#1012382).\n - gpio: pl061: handle failed allocations (bnc#1012382).\n - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929)\n - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929)\n - hid: debug: fix the ring buffer implementation (bnc#1012382).\n - hid: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382).\n - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes).\n - hwmon: (lm80) fix a missing check of bus read in lm80 probe\n (bnc#1012382).\n - hwmon: (lm80) fix a missing check of the status of SMBus read\n (bnc#1012382).\n - i2c-axxia: check for error conditions first (bnc#1012382).\n - igb: Fix an issue that PME is not enabled during runtime suspend\n (bnc#1012382).\n - inet: frags: add a pointer to struct netns_frags (bnc#1012382).\n - inet: frags: better deal with smp races (bnc#1012382).\n - inet: frags: break the 2GB limit for frags storage (bnc#1012382).\n - inet: frags: change inet_frags_init_net() return value (bnc#1012382).\n - inet: frags: do not clone skb in ip_expire() (bnc#1012382).\n - inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382).\n - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382).\n - inet: frags: get rif of inet_frag_evicting() (bnc#1012382).\n - inet: frags: refactor ipfrag_init() (bnc#1012382).\n - inet: frags: refactor ipv6_frag_init() (bnc#1012382).\n - inet: frags: refactor lowpan_net_frag_init() (bnc#1012382).\n - inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382).\n - inet: frags: remove some helpers (bnc#1012382).\n - inet: frags: reorganize struct netns_frags (bnc#1012382).\n - inet: frags: use rhashtables for reassembly units (bnc#1012382).\n - input: bma150 - register input device after setting private data\n (bnc#1012382).\n - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK\n (bnc#1012382).\n - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780\n (bnc#1012382).\n - input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382).\n - intel_pstate: Update frequencies of policy-&gt;cpus only from\n -&gt;set_policy() (bsc#1120017).\n - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer\n (bnc#1012382).\n - ip: add helpers to process in-order fragments faster (bnc#1012382).\n - ip: frags: fix crash in ip_do_fragment() (bnc#1012382).\n - ip: process in-order fragments efficiently (bnc#1012382).\n - ip: use rb trees for IP frag queue (bnc#1012382).\n - ipfrag: really prevent allocation on netns exit (bnc#1012382).\n - ipv4: frags: precedence bug in ip_expire() (bnc#1012382).\n - ipv6: Consider sk_bound_dev_if when binding a socket to an address\n (bnc#1012382).\n - ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382).\n - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size\n (bnc#1012382).\n - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in\n HFCPCI_l1hw() (bnc#1012382).\n - kABI: protect linux/kfifo.h include in hid-debug (kabi).\n - kABI: protect struct hda_bus (kabi).\n - kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382).\n - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes\n (bnc#1012382).\n - kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382).\n - kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166).\n - kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166).\n - kvm: x86: Fix single-step debugging (bnc#1012382).\n - kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382).\n - l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382).\n - l2tp: fix reading optional fields of L2TPv3 (bnc#1012382).\n - l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382).\n - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()\n (bsc#1125810).\n - libnvdimm, pfn: Pad pfn namespaces relative to other regions\n (bsc#1124811).\n - libnvdimm: Use max contiguous area for namespace size (bsc#1124780).\n - libnvdimm: fix ars_status output length calculation (bsc#1124777).\n - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).\n - mac80211: ensure that mgmt tx skbs have tailroom for encryption\n (bnc#1012382).\n - mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382).\n - media: DaVinci-VPBE: fix error handling in vpbe_initialize()\n (bnc#1012382).\n - memstick: Prevent memstick host from getting runtime suspended during\n card detection (bnc#1012382).\n - mips: OCTEON: do not set octeon_dma_bar_type if PCI is disabled\n (bnc#1012382).\n - mips: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds (bnc#1012382).\n - mips: bpf: fix encoding bug for mm_srlv32_op (bnc#1012382).\n - mips: cm: reprime error cause (bnc#1012382).\n - misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382).\n - mm, oom: fix use-after-free in oom_kill_process (bnc#1012382).\n - mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061).\n - mm: migrate: do not rely on __PageMovable() of newpage after unlocking\n it (bnc#1012382).\n - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902).\n - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe\n (bnc#1012382).\n - modpost: validate symbol names also in find_elf_symbol (bnc#1012382).\n - mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382).\n - net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382).\n - net/rose: fix NULL ax25_cb kernel panic (bnc#1012382).\n - net: Fix usage of pskb_trim_rcsum (bnc#1012382).\n - net: bridge: Fix ethernet header pointer before check skb forwardable\n (bnc#1012382).\n - net: dp83640: expire old TX-skb (bnc#1012382).\n - net: dsa: slave: Do not propagate flag changes on down slave interfaces\n (bnc#1012382).\n - net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382).\n - net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382).\n - net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382).\n - net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382\n bsc#1116345).\n - net: modify skb_rbtree_purge to return the truesize of all purged skbs\n (bnc#1012382).\n - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382).\n - net: systemport: Fix WoL with password after deep sleep (bnc#1012382).\n - net_sched: refetch skb protocol for each filter (bnc#1012382).\n - netrom: switch to sock timer API (bnc#1012382).\n - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014).\n - nfs: nfs_compare_mount_options always compare auth flavors (bnc#1012382).\n - nfsd4: fix crash on writing v4_end_grace before nfsd startup\n (bnc#1012382).\n - niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382).\n - ocfs2: do not clear bh uptodate for block read (bnc#1012382).\n - openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382).\n - perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382).\n - perf tools: Add Hygon Dhyana support (bnc#1012382).\n - perf unwind: Take pgoff into account when reporting elf to libdwfl\n (bnc#1012382).\n - perf unwind: Unwind with libdw does not take symfs into account\n (bnc#1012382).\n - perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382).\n - perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382).\n - perf/x86/intel/uncore: Add Node ID mask (bnc#1012382).\n - pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382).\n - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes\n (bnc#1012382).\n - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382).\n - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810).\n - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382).\n - powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382).\n - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382).\n - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set\n (bsc#1125808).\n - rcu: Force boolean subscript for expedited stall warnings (bnc#1012382).\n - rhashtable: Add rhashtable_lookup() (bnc#1012382).\n - rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382\n bsc#1042286).\n - rhashtable: add schedule points (bnc#1012382).\n - rhashtable: reorganize struct rhashtable layout (bnc#1012382).\n - s390/early: improve machine detection (bnc#1012382).\n - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382).\n - s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382).\n - sata_rcar: fix deferred probing (bnc#1012382).\n - sched/wake_q: Document wake_q_add() (bsc#1050549).\n - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549).\n - sched/wake_q: Reduce reference counting for special users (bsc#1050549).\n - scripts/decode_stacktrace: only strip base path when a prefix of the\n path (bnc#1012382).\n - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes\n - scsi: lpfc: Correct LCB RJT handling (bnc#1012382).\n - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796).\n - scsi: mpt3sas: API 's to support NVMe drive addition to SML\n (bsc#1117108).\n - scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108).\n - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108).\n - scsi: mpt3sas: Add an I/O barrier (bsc#1117108).\n - scsi: mpt3sas: Add ioc_&lt;level&gt; logging macros (bsc#1117108).\n - scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and\n probe (bsc#1117108).\n - scsi: mpt3sas: Add-Task-management-debug-info-for-NVMe-drives\n (bsc#1117108).\n - scsi: mpt3sas: Added support for SAS Device Discovery Error Event\n (bsc#1117108).\n - scsi: mpt3sas: Added support for nvme encapsulated request message\n (bsc#1117108).\n - scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108).\n - scsi: mpt3sas: Allow processing of events during driver unload\n (bsc#1117108).\n - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108).\n - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5\n controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108).\n - scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108).\n - scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00\n (bsc#1117108).\n - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108).\n - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize\n (bsc#1117108).\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to\n %s: (bsc#1117108).\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging\n levels (bsc#1117108).\n - scsi: mpt3sas: Convert mlsleading uses of pr_&lt;level&gt; with MPT3SAS_FMT\n (bsc#1117108).\n - scsi: mpt3sas: Convert uses of pr_&lt;level&gt; with MPT3SAS_FMT to\n ioc_&lt;level&gt; (bsc#1117108).\n - scsi: mpt3sas: Display chassis slot information of the drive\n (bsc#1117108).\n - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing\n Async Broadcast primitive event (bsc#1117108).\n - scsi: mpt3sas: Do not access the structure after decrementing it's\n instance reference count (bsc#1117108).\n - scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura\n controllers (bsc#1117108).\n - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108).\n - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler()\n (bsc#1117108).\n - scsi: mpt3sas: Fix calltrace observed while running IO &amp; reset\n (bsc#1117108).\n - scsi: mpt3sas: Fix indentation (bsc#1117108).\n - scsi: mpt3sas: Fix memory allocation failure test in\n 'mpt3sas_base_attach()' (bsc#1117108).\n - scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108).\n - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS\n device after host reset (bsc#1117108).\n - scsi: mpt3sas: Fix removal and addition of vSES device during host reset\n (bsc#1117108).\n - scsi: mpt3sas: Fix sparse warnings (bsc#1117108).\n - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal\n commands during controller reset (bsc#1117108).\n - scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108).\n - scsi: mpt3sas: For NVME device, issue a protocol level reset\n (bsc#1117108).\n - scsi: mpt3sas: Handle NVMe PCIe device related events generated from\n firmware (bsc#1117108).\n - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).\n - scsi: mpt3sas: Incorrect command status was set/marked as not used\n (bsc#1117108).\n - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's\n (bsc#1117108).\n - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address\n (bsc#1117108).\n - scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108).\n - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108).\n - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108).\n - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108).\n - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108).\n - scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108).\n - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log\n info (bsc#1117108).\n - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108).\n - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108).\n - scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108).\n - scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108).\n - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108).\n - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108).\n - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks\n (bsc#1117108).\n - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108).\n - scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108).\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108).\n - scsi: mpt3sas: Report Firmware Package Version from HBA Driver\n (bsc#1117108).\n - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices\n (bsc#1117108).\n - scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108).\n - scsi: mpt3sas: Split _base_reset_handler(),\n mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler()\n (bsc#1117108).\n - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness\n (bsc#1117108).\n - scsi: mpt3sas: Update MPI Headers (bsc#1117108).\n - scsi: mpt3sas: Update driver version &quot;25.100.00.00&quot; (bsc#1117108).\n - scsi: mpt3sas: Update driver version &quot;26.100.00.00&quot; (bsc#1117108).\n - scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108).\n - scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108).\n - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).\n - scsi: mpt3sas: always use first reserved smid for ioctl passthrough\n (bsc#1117108).\n - scsi: mpt3sas: check command status before attempting abort\n (bsc#1117108).\n - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108).\n - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108).\n - scsi: mpt3sas: fix an out of bound write (bsc#1117108).\n - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108).\n - scsi: mpt3sas: fix format overflow warning (bsc#1117108).\n - scsi: mpt3sas: fix oops in error handlers after shutdown/unload\n (bsc#1117108).\n - scsi: mpt3sas: fix possible memory leak (bsc#1117108).\n - scsi: mpt3sas: fix pr_info message continuation (bsc#1117108).\n - scsi: mpt3sas: fix spelling mistake: &quot;disbale&quot; -&gt; &quot;disable&quot;\n (bsc#1117108).\n - scsi: mpt3sas: lockless command submission (bsc#1117108).\n - scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108).\n - scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108).\n - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108).\n - scsi: mpt3sas: remove redundant copy_from_user in _ctl_getiocinfo\n (bsc#1117108).\n - scsi: mpt3sas: remove redundant wmb (bsc#1117108).\n - scsi: mpt3sas: scan and add nvme device after controller reset\n (bsc#1117108).\n - scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108).\n - scsi: mpt3sas: set default value for cb_idx (bsc#1117108).\n - scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108).\n - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108).\n - scsi: mpt3sas: simplify task management functions (bsc#1117108).\n - scsi: mpt3sas: switch to generic DMA API (bsc#1117108).\n - scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108).\n - scsi: mpt3sas: use list_splice_init() (bsc#1117108).\n - scsi: mpt3sas: wait for and flush running commands on shutdown/unload\n (bsc#1117108).\n - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794).\n - scsi: target: make the pi_prot_format ConfigFS path readable\n (bsc#1123933).\n - sd: disable logical block provisioning if 'lbpme' is not set\n (bsc#1086095 bsc#1078355).\n - seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382).\n - serial: fsl_lpuart: clear parity enable bit when disable parity\n (bnc#1012382).\n - signal: Always notice exiting tasks (bnc#1012382).\n - signal: Better detection of synchronous signals (bnc#1012382).\n - signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382).\n - skge: potential memory corruption in skge_get_regs() (bnc#1012382).\n - smack: fix access permissions for keyring (bnc#1012382).\n - smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382).\n - soc/tegra: Do not leak device tree node reference (bnc#1012382).\n - staging: iio: ad7780: update voltage on read (bnc#1012382).\n - staging: iio: adc: ad7280a: handle error from __ad7280_read32()\n (bnc#1012382).\n - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1\n (bnc#1012382).\n - staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382).\n - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns\n EAGAIN (bnc#1012382).\n - test_hexdump: use memcpy instead of strncpy (bnc#1012382).\n - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set\n (bnc#1012382).\n - timekeeping: Use proper seqcount initializer (bnc#1012382).\n - tipc: use destination length for copy string (bnc#1012382).\n - tracing/uprobes: Fix output for multiple string arguments (bnc#1012382).\n - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).\n - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).\n - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).\n - tty/n_hdlc: fix __might_sleep warning (bnc#1012382).\n - tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n - tty: Do not hold ldisc lock in tty_reopen() if ldisc present\n (bnc#1105428).\n - tty: Handle problem if line discipline does not have receive_buf\n (bnc#1012382).\n - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).\n - tty: Simplify tty-&gt;count math in tty_reopen() (bnc#1105428).\n - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).\n - tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382).\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382).\n - uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382).\n - ucc_geth: Reset BQL queue when stopping device (bnc#1012382).\n - udf: Fix BUG on corrupted inode (bnc#1012382).\n - um: Avoid marking pages with &quot;changed protection&quot; (bnc#1012382).\n - usb: dwc2: Remove unnecessary kfree (bnc#1012382).\n - usb: gadget: udc: net2272: Fix bitwise and boolean operations\n (bnc#1012382).\n - usb: hub: delay hub autosuspend if USB3 port is still link training\n (bnc#1012382).\n - usb: phy: am335x: fix race condition in _probe (bnc#1012382).\n - usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382).\n - usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382).\n - video: clps711x-fb: release disp device node in probe() (bnc#1012382).\n - vt: invoke notifier on screen size change (bnc#1012382).\n - x86/MCE: Initialize mce.bank in the case of a fatal error in\n mce_no_way_out() (bnc#1012382).\n - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)\n (bnc#1012382).\n - x86/a.out: Clear the dump structure initially (bnc#1012382).\n - x86/fpu: Add might_fault() to user_insn() (bnc#1012382).\n - x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382).\n - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls\n (bnc#1012382).\n - x86/xen: dont add memory above max allowed allocation (bsc#1117645).\n - x86: respect memory size limiting via mem= parameter (bsc#1117645).\n - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382).\n - xfrm: refine validation of template and selector families (bnc#1012382).\n\n", "modified": "2019-03-01T15:09:44", "published": "2019-03-01T15:09:44", "id": "OPENSUSE-SU-2019:0274-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00000.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "aix": [{"lastseen": "2020-02-05T22:27:55", "bulletinFamily": "unix", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Tue May 22 15:30:11 CDT 2018\n|Updated: Fri Aug 17 08:05:01 CDT 2018\n|Update: Added a link to the bulletin for CVE-2017-5715, known as Spectre, \n| regarding updated iFixes that are only applicable to some POWER9 systems.\n| The bulletin is available here:\n| http://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n| https://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n| ftp://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n\nThe most recent version of this document is available here:\nhttp://aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc\n\nSecurity Bulletin: IBM has released AIX and VIOS iFixes in response to \n Speculative Store Bypass (SSB), also known as Variant 4.\n\n===============================================================================\n\nSUMMARY:\n\n IBM has released the following fixes for AIX and VIOS in response to \n CVE-2018-3639.\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2018-3639\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x \n\n The vulnerabilities in the following filesets are being addressed:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n ---------------------------------------------------------\n bos.mp64 5.3.12.0 5.3.12.10 key_w_fs\n bos.mp64 6.1.9.0 6.1.9.316 key_w_fs\n bos.mp64 7.1.4.0 7.1.4.34 key_w_fs\n bos.mp64 7.1.5.0 7.1.5.16 key_w_fs\n bos.mp64 7.2.0.0 7.2.0.6 key_w_fs\n bos.mp64 7.2.1.0 7.2.1.5 key_w_fs\n bos.mp64 7.2.2.0 7.2.2.16 key_w_fs\n \n To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.mp64\n\n Note: AIX or VIOS users of all fileset levels should continue to monitor\n their My Notifications alerts and the IBM PSIRT Blog for additional \n information about these vulnerabilities:\n\n - My Notifications\n http://www.ibm.com/support/mynotifications\n\n - IBM PSIRT Blog - Potential Impact on Processors in the Power Family\n https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/\n\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ------------------------------------------------\n 5.3.12 IJ05826 N/A N/A key_w_apar\n 6.1.9 IJ05824 ** SP12 key_w_apar\n 7.1.4 IJ05823 ** SP7 key_w_apar\n 7.1.5 IJ05822 ** SP3 key_w_apar\n 7.2.0 IJ05821 ** N/A key_w_apar\n 7.2.1 IJ05820 ** SP5 key_w_apar\n 7.2.2 IJ05818 ** SP3 key_w_apar\n\n VIOS Level APAR Availability SP KEY\n ------------------------------------------------\n 2.2.4 IJ05824 ** N/A key_w_apar\n 2.2.5 IJ05824 ** N/A key_w_apar\n 2.2.6 IJ05824 ** 2.2.6.22 key_w_apar\n\n The relevant APARs will also be included in 7.1.5 and\n 7.2.2 SPs with a build id of 1831 or later.\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IJ05818\n http://www.ibm.com/support/docview.wss?uid=isg1IJ05820\n http://www.ibm.com/support/docview.wss?uid=isg1IJ05821\n http://www.ibm.com/support/docview.wss?uid=isg1IJ05822\n http://www.ibm.com/support/docview.wss?uid=isg1IJ05823\n http://www.ibm.com/support/docview.wss?uid=isg1IJ05824\n\n https://www.ibm.com/support/docview.wss?uid=isg1IJ05818\n https://www.ibm.com/support/docview.wss?uid=isg1IJ05820\n https://www.ibm.com/support/docview.wss?uid=isg1IJ05821\n https://www.ibm.com/support/docview.wss?uid=isg1IJ05822\n https://www.ibm.com/support/docview.wss?uid=isg1IJ05823\n https://www.ibm.com/support/docview.wss?uid=isg1IJ05824\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n AIX and VIOS fixes are available.\n\n An LPAR system reboot is required to complete the iFix installation,\n or Live Update may be used on AIX 7.2 to avoid a reboot.\n\n The AIX/VIOS fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/variant4_fix.tar\n http://aix.software.ibm.com/aix/efixes/security/variant4_fix.tar\n https://aix.software.ibm.com/aix/efixes/security/variant4_fix.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n 5.3.12.9 IJ05826m9b.180427.epkg.Z key_w_fix\n 6.1.9.9 IJ05824m9a.180501.epkg.Z key_w_fix\n 6.1.9.10 IJ05824mAa.180501.epkg.Z key_w_fix\n 6.1.9.11 IJ05824sBa.180426.epkg.Z key_w_fix\n 7.1.4.4 IJ05823m4a.180501.epkg.Z key_w_fix\n 7.1.4.5 IJ05823m5a.180430.epkg.Z key_w_fix\n 7.1.4.6 IJ05823m6a.180426.epkg.Z key_w_fix\n 7.1.5.0 IJ05822m1a.180430.epkg.Z key_w_fix\n 7.1.5.1 IJ05822m1a.180430.epkg.Z key_w_fix\n 7.1.5.2 IJ05822s2a.180426.epkg.Z key_w_fix\n 7.2.0.4 IJ05821m4a.180430.epkg.Z key_w_fix\n 7.2.0.5 IJ05821m5a.180430.epkg.Z key_w_fix\n 7.2.0.6 IJ05821m6a.180424.epkg.Z key_w_fix\n 7.2.1.2 IJ05820m2a.180430.epkg.Z key_w_fix\n 7.2.1.3 IJ05820m3a.180430.epkg.Z key_w_fix\n 7.2.1.4 IJ05820m4a.180423.epkg.Z key_w_fix\n 7.2.2.0 IJ05818m1a.180423.epkg.Z key_w_fix\n 7.2.2.1 IJ05818m1a.180423.epkg.Z key_w_fix\n 7.2.2.2 IJ05818s2a.180420.epkg.Z key_w_fix\n \n Please note that the above table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.2.2.1 is AIX 7200-02-01.\n\n The above fixes are cumulative and include the previously issued\n Spectre/Meltdown security fixes:\n http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n\n The provided iFixes for 7.1.5.2 and 7.2.2.2 are not required on SPs \n with a build id of 1831 or later. Please run \"oslevel -s\" to view \n installed build id.\n\n Please reference the Affected Products and Version section above\n for help with checking installed fileset levels.\n\n VIOS Level Interim Fix (*.Z) KEY\n -----------------------------------------------\n 2.2.4.40 IJ05824m9a.180501.epkg.Z key_w_fix\n 2.2.4.50 IJ05824m9b.180502.epkg.Z key_w_fix\n 2.2.4.60 IJ05824sBa.180426.epkg.Z key_w_fix\n 2.2.5.20 IJ05824m9a.180501.epkg.Z key_w_fix\n 2.2.5.30 IJ05824m9b.180502.epkg.Z key_w_fix\n 2.2.5.40 IJ05824sBa.180426.epkg.Z key_w_fix\n 2.2.6.0 IJ05824mAa.180501.epkg.Z key_w_fix\n 2.2.6.10 IJ05824mAa.180501.epkg.Z key_w_fix\n 2.2.6.20 IJ05824sBa.180426.epkg.Z key_w_fix\n 2.2.6.21 IJ05824sBa.180426.epkg.Z key_w_fix\n \n The above fixes are cumulative and include the previously issued\n Spectre/Meltdown security fixes:\n http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n\n To extract the fixes from the tar file:\n\n tar xvf variant4_fix.tar\n cd variant4_fix\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n fc10d3fcc4b372e54e4f6a88c33a317d7137db4713def21536735bc926c78c68 IJ05818m1a.180423.epkg.Z key_w_csum\n da5f493bd51051336c7528ba8667c8dd9272db4ba06ee5ef9f943c0a2a39baad IJ05818s2a.180420.epkg.Z key_w_csum\n 7ecd8c0ffed9005d771aeaf8309160d55b46c91ff6e9d9cce5516bbb0fc8ef58 IJ05820m2a.180430.epkg.Z key_w_csum\n 4e7598e7bc623d850fe1b50503739b0b3cadac08c45fdbe2037d7b4a812bbe08 IJ05820m3a.180430.epkg.Z key_w_csum\n 80d4263c0e231c18a752b943f522d71516db850466f820149cd81a0c53b68352 IJ05820m4a.180423.epkg.Z key_w_csum\n 1e4ab00e0fd1a7bb4a38cfad30bd021edd0d8106bed9636f62fabbca70d3be65 IJ05821m4a.180430.epkg.Z key_w_csum\n 6b5c8a209573f4916cd22f03481b0962e904e24ee993db0e531c68761abb74a3 IJ05821m5a.180430.epkg.Z key_w_csum\n 28b2171be5442994394b39410c2db05569223fc3fcff0c552c3b8ddf210f7107 IJ05821m6a.180424.epkg.Z key_w_csum\n 42bef3d5dd9d228ab79bd75725de5ce3dc3ef2a28894fa9ca4f47dab3191858e IJ05822m1a.180430.epkg.Z key_w_csum\n 5e6be49f5563f5a89d4ecc5ea5c52e06ac9f7c7749b9b217ba3abf34bb4a49b8 IJ05822s2a.180426.epkg.Z key_w_csum\n 686bd91a387df1043c38ddc0dfe1409223145ad8f8d335d52e0341c0bcb91de1 IJ05823m4a.180501.epkg.Z key_w_csum\n 79fce1a11262f192c869b67742eb47f92e354f0c7b25c191043b46be442f4ad1 IJ05823m5a.180430.epkg.Z key_w_csum\n dc013e5f65263db7bd2cb35efa29dffacfe886996d072b459f51d22cdf646a2f IJ05823m6a.180426.epkg.Z key_w_csum\n 5cd8fc8e3fe0bc2f2deab5956a13e2045580af9d98b56bbe606f4f87403b5ffd IJ05824m9a.180501.epkg.Z key_w_csum\n 1b6f28af977841e1f2f08dcfa26edb20974d4ea0b51d2f08c1108331a2c8b625 IJ05824m9b.180502.epkg.Z key_w_csum\n 95ac10d417ad9a4017b5b9057b0937189721f260c94bb71969e4fabd33f5a539 IJ05824mAa.180501.epkg.Z key_w_csum\n 4fa9372d4137265fef88aeb5af36dc1745467cc9f35deb01e6c850ea67b06b66 IJ05824sBa.180426.epkg.Z key_w_csum\n 4b4dc4961f3a27cd6774ce37bf980ded29cbd962031014e067e117ce0b474c53 IJ05826m9b.180427.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM Support at\n http://ibm.com/support/ and describe the discrepancy. \n \n openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n An LPAR system reboot is required to complete the iFix installation,\n or Live Update may be used on AIX 7.2 to avoid a reboot.\n\n If possible, it is recommended that a mksysb backup of the system \n be created. Verify it is both bootable and readable before\n proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n IBM Secure Engineering Web Portal\n http://www.ibm.com/security/secure-engineering/bulletins.html\n\n IBM Product Security Incident Response Blog\n https://www.ibm.com/blogs/psirt/\n\n IBM PSIRT Blog - Potential Impact on Processors in the Power Family\n https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/\n\n Security Bulletin: IBM has released AIX and VIOS iFixes in response to \n Speculative Store Bypass (SSB), also known as Variant 4.\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1027700\n\n| Security Bulletin: IBM has released updated AIX and VIOS fixes for \n| CVE-2017-5715, known as Spectre, that are only applicable to some POWER9 \n| systems.\n| http://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n| https://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n| ftp://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n\nACKNOWLEDGEMENTS:\n\n The vulnerability was reported to IBM by Google Project Zero.\n\n\nCHANGE HISTORY:\n\n First Issued: Tue May 22 15:30:11 CDT 2018\n Updated: Wed Jun 6 14:56:44 CDT 2018\n Update: Additional iFixes are now available. \n Additional iFixes are now available for:\n AIX 6100-09-09 and 6100-09-10\n AIX 7100-04-04 and 7100-04-05\n AIX 7100-05-00 and 7100-05-01\n AIX 7200-00-04 and 7200-00-05\n AIX 7200-01-02 and 7200-01-03\n AIX 7200-02-00 and 7200-02-01\n VIOS 2.2.4.40 and 2.2.4.50\n VIOS 2.2.5.20 and 2.2.5.30\n VIOS 2.2.6.0 and 2.2.6.10\n| Updated: Fri Aug 17 08:05:01 CDT 2018\n| Update: Added a link to the bulletin for CVE-2017-5715, known as Spectre, \n| regarding updated iFixes that are only applicable to some POWER9 \n| systems.\n| The bulletin is available here:\n| http://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n| https://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n| ftp://aix.software.ibm.com/aix/efixes/security/spectre_update_advisory.asc\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n\n", "modified": "2018-08-17T08:05:01", "published": "2018-05-22T15:30:11", "id": "VARIANT4_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/variant4_advisory.asc", "title": "IBM has released AIX and VIOS iFixes in response to Speculative Store Bypass (SSB) also known as Variant 4.,IBM has released VIOS and VIOS iFixes in response to Speculative Store Bypass (SSB) also known as Variant 4.", "type": "aix", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "mskb": [{"lastseen": "2020-03-12T14:36:22", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4284860, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:</p><ul><li>Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See <a href=\"https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf\" managed-link=\"\" target=\"_blank\">AMD Architecture Guidelines for Indirect Branch Control</a> and <a href=\"https://www.amd.com/en/corporate/security-updates\">AMD Security Updates</a> for more details). For Windows client (IT pro) guidance, follow the instructions\u00a0in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. Use this guidance document\u00a0to enable IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.</li><li>Provides protections from an additional subclass of speculative execution side channel vulnerability known as <em><a href=\"https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/\"><em>Speculative Store Bypass</em></a></em> (CVE-2018-3639). These protections\u00a0aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions\u00a0in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li>Addresses an issue that sometimes prevents eDrives from unlocking when an eDrive is a secondary drive and the system drive is protected with BitLocker.\u00a0</li><li><p><span><span><span><span><span>Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled\u00a0but Secure Boot isn't present or disabled. </span></span></span></span></span> This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:</p><ol><li>Temporarily suspending BitLocker.</li><li>Immediately installing firmware updates before the next OS startup.</li><li>Immediately restarting the device so that BitLocker doesn\u2019t remain in the suspended state.</li></ol></li><li>Addresses an issue where booting with Unified Write Filter (UWF) enabled may lead to stop error 0xE1 on embedded devices, particularly when using a USB hub.\u00a0</li><li>Increased the Internet Explorer cookie limit from 50 to better align with industry standards</li><li>Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows apps, Windows Server, Windows wireless networking, Windows storage and filesystem, remote code execution, and Windows virtualization and kernel.</li></ul><p>If you installed earlier updates, only the new fixes\u00a0in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, see the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.</p></div></div></div></div><p>\u00a0</p></div><h2>Known issues in this update</h2><div><p>Microsoft is not currently aware of any issues with this update.</p></div><h2>How to get this update</h2><div><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4284860\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/1/C/7/1C7C419E-6213-4FA8-ABD7-D6E09C54437F/4284860.csv\" target=\"\">file information for cumulative update 4284860</a>.</p></div></body></html>", "modified": "2018-06-15T22:26:23", "id": "KB4284860", "href": "https://support.microsoft.com/en-us/help/4284860/", "published": "2018-06-15T22:25:29", "title": "June 12, 2018\u2014KB4284860 (OS Build 10240.17889)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-17T14:28:13", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4284819, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><p>This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:</p><ul><li>Provides protections from an additional subclass of speculative execution side channel vulnerability known as <a href=\"https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/\">Speculative Store Bypass</a> (CVE-2018-3639). These protections\u00a0aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions\u00a0in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in\u00a0<a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>.\u00a0Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li>Addresses an issue in Microsoft Edge that causes incorrect responses to XML requests.\u00a0</li><li>Adds support for the SameSite cookie web standard to Microsoft Edge and Internet Explorer.\u00a0</li><li>Addresses an issue with Internet Explorer that prevents it from\u00a0using an updated version of location services.</li><li><p><span><span><span><span><span>Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. </span></span></span></span></span> This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:</p><ol><li>Temporarily suspending BitLocker.</li><li>Immediately installing firmware updates before the next OS startup.</li><li>Immediately restarting the device so that BitLocker doesn\u2019t remain in the suspended state.</li></ol></li><li>Addresses a binary serialization compatibility issue for the\u00a0<strong>CultureAwareComparer</strong> class.</li><li>Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows shell, Windows storage and filesystems, Windows app platform and frameworks, Windows virtualization and kernel, Windows wireless networking, and Windows Server.</li></ul><p>If you installed earlier updates, only the new fixes in this package will be downloaded and installed on your device.</p><p><span><span><span><span>For more information about the resolved security vulnerabilities, see the </span></span></span></span><span><span><span><a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</span></span></span></p><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>Some non-English platforms may display the following string in English instead of the localized language: \u201dReading scheduled jobs from file is not supported in this language mode.\u201d This error appears when you try to read the scheduled jobs you've created and Device Guard is enabled</td><td><p><span>After evaluation, Microsoft has determined that this is a low probability and a low-risk issue, and we will not provide a solution at this time</span> for Windows 10, version 1709<span>. </span></p><p><span>If you believe that you are affected by this issue, please contact <a href=\"https://support.microsoft.com/en-us/gp/contactus81?forceorigin=esmc&amp;Audience=Commercial\" managed-link=\"\" target=\"_blank\">Microsoft Support</a>.</span></p></td></tr><tr><td><p><span><span><span>When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:</span></span></span></p><ul><li><span><span><span>\"Cannot use '&amp;' or '.' operators to invoke a module scope command across language boundaries.\"</span></span></span></li><li><span><span><span>\"'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery.\"</span></span></span></li></ul></td><td><p><span>After evaluation, Microsoft has determined that this is a low probability and a low-risk issue, and we will not provide a solution at this time</span> for Windows 10, version 1709<span>. </span></p><p><span>If you believe that you are affected by this issue, please contact <a href=\"https://support.microsoft.com/en-us/gp/contactus81?forceorigin=esmc&amp;Audience=Commercial\" managed-link=\"\" target=\"_blank\">Microsoft Support</a>.</span></p></td></tr></tbody></table><h2>How to get this update</h2><div><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4284819\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/F/E/0/FE03B953-117D-4B29-A0BC-03738895A7B7/4284819.csv\" target=\"_blank\">file information for cumulative update 4284819</a>.\u00a0</p></div></body></html>", "modified": "2018-09-05T19:55:57", "id": "KB4284819", "href": "https://support.microsoft.com/en-us/help/4284819/", "published": "2018-09-05T19:55:44", "title": "June 12, 2018\u2014KB4284819 (OS Build 16299.492)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-09-11T12:40:11", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4284867, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:</p><ul><li>Provides support to control use of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See <a href=\"https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf\" managed-link=\"\" target=\"_blank\">AMD Architecture Guidelines for Indirect Branch Control</a> and <a href=\"https://www.amd.com/en/corporate/security-updates\">AMD Security Updates</a> for more details). For Windows client (IT pro) guidance, follow the instructions\u00a0in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in\u00a0<a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>.\u00a0Use these guidance documents to enable\u00a0use of IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.</li><li>Provides protections from an additional subclass of speculative execution side channel vulnerability known as <a href=\"https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/\">Speculative Store Bypass</a> (CVE-2018-3639). These protections\u00a0aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions\u00a0in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in\u00a0<a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li>Security updates to\u00a0Windows apps, Windows Server, Windows storage and filesystems, Windows wireless networking, and Windows virtualization and kernel.</li></ul><p>For more information about the resolved security vulnerabilities, see the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><p>Microsoft is not currently aware of any issues with this update.</p><h2>How to get this update</h2><div><p>This update is now available for installation through WSUS. To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4284867\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/0/7/7/077DE957-A8BF-494B-B7FF-EAE466AC701F/4284867.csv\" target=\"_blank\">file information for update 4284867</a>.\u00a0</p></div></body></html>", "modified": "2018-06-15T23:33:21", "id": "KB4284867", "href": "https://support.microsoft.com/en-us/help/4284867/", "published": "2018-06-15T20:07:32", "title": "June 12, 2018\u2014KB4284867 (Security-only update)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-12T14:33:30", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4284826, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes improvements and fixes that were a part of update <a data-content-id=\"4103713\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4103713</a> (released May 17, 2018) and addresses the following issues:</p><ul><li>Provides support to control use of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See <a href=\"https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf\" managed-link=\"\" target=\"_blank\">AMD Architecture Guidelines for Indirect Branch Control</a> and <a href=\"https://www.amd.com/en/corporate/security-updates\">AMD Security Updates</a> for more details). For Windows client (IT pro) guidance, follow the instructions\u00a0in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in\u00a0<a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>.\u00a0Use these guidance documents to enable\u00a0use of IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.</li><li>Provides protections from an additional subclass of speculative execution side channel vulnerability known as <a href=\"https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/\">Speculative Store Bypass</a> (CVE-2018-3639). These protections\u00a0aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions\u00a0in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in\u00a0<a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li>Increased the Internet Explorer cookie limit from 50 to better align with industry standards.</li><li><p><span><span><span><span>Improves the reliability of Internet Explorer when using geolocation.</span></span></span></span></p></li><li>Security updates to Internet Explorer, Windows apps, Windows Server, Windows storage and filesystems, Windows wireless networking, and Windows virtualization and kernel.</li></ul><p>For more information about the resolved security vulnerabilities, see the <a href=\"https://portal.msrc.microsoft.com/security-guidance\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td valign=\"top\">After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem&lt;number&gt;.inf. The exact problematic configurations are currently unknown.</td><td valign=\"top\"><ol><li>To locate the network device, launch devmgmt.msc; it may appear under Other Devices.</li><li>To automatically rediscover the NIC and install drivers, select\u00a0<strong>Scan for Hardware Changes</strong> from the Action menu.</li></ol><p class=\"indent-1\">a. Alternatively, install the drivers for the network device by right-clicking the device and selecting\u00a0<strong>Update</strong>.<strong> </strong>Then select\u00a0<strong>Search automatically for updated driver software</strong>\u00a0or <strong>Browse my computer for driver software</strong>.</p></td></tr></tbody></table></div><h2>How to get this update</h2><div><p>This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the\u00a0<a href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4284826\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/2/2/0/2209FFEF-4DEA-411C-93C1-B240F8F6691C/4284826.csv\" target=\"\">file information for update 4284826</a>.\u00a0</p></div></body></html>", "modified": "2018-09-10T17:00:31", "id": "KB4284826", "href": "https://support.microsoft.com/en-us/help/4284826/", "published": "2018-09-10T16:59:39", "title": "June 12, 2018\u2014KB4284826 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-12T14:31:50", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4480970, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update addresses the following issues:</p><ul><li><p>Provides protections against an additional subclass of speculative execution side-channel vulnerability known as <a href=\"https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/\" managed-link=\"\" target=\"_blank\">Speculative Store Bypass</a> (CVE-2018-3639) for AMD-based computers. These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in <a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4072698</a>. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</p></li><li><p>Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts. For more details, see <a href=\"https://blogs.msdn.microsoft.com/powershell/2019/01/10/windows-security-change-affecting-powershell/\" managed-link=\"\" target=\"_blank\">Windows Security change affecting PowerShell</a>.\u00a0</p></li><li>Security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem&lt;number&gt;.inf. The exact problematic configurations are currently unknown.</td><td><ol><li>To locate the network device, launch devmgmt.msc. It may appear under <strong>Other Devices</strong>.</li><li>To automatically rediscover the NIC and install drivers, select <strong>Scan for Hardware Changes</strong> from the <strong>Action</strong> menu.<ul><li>Alternatively, install the drivers for the network device by right-clicking the device and choosing <strong>Update</strong>.<strong> </strong>Then choose <strong>Search automatically for updated driver software </strong>or <strong>Browse my computer for driver software</strong>.</li></ul></li></ol></td></tr><tr><td><p>Some users are reporting activation failures and \"Not genuine\" notifications starting around January 8, 2019, or later, on volume-licensed Windows 7 KMS clients. Notifications may state:</p><ul><li>\"Windows is not genuine.\"</li><li>\u201cYour computer might be running a counterfeit copy of Windows.\u201d</li><li>On screen errors and logged events reference \u201c0xC004F200 (non-genuine).\u201d</li></ul></td><td><p><strong>Note</strong> The timing of this issue coincides with the release of the January updates (KB4480960 and KB4480970) that were released on Tuesday, January 8, 2019. These events are not related.</p><p>The issue has been corrected on the backend Microsoft Activation and Validation servers. If you are affected by this issue, please follow the guidance in the Knowledge Base Help article, <a data-content-id=\"4487266\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4487266</a>.</p></td></tr><tr><td><span>Local users who are part of the local \u201cAdministrators\u201c group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing the January 8^th, 2019 security updates. This does not affect domain accounts in the local \"Administrators\" group.</span><span> </span></td><td><p>This issue is resolved in <a data-content-id=\"4487345\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4487345</a>.</p></td></tr><tr><td>Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \u201cUnrecognized Database Format\u201d.</td><td><p>This issue is resolved in <a data-content-id=\"4486563\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4486563</a>.</p></td></tr><tr><td><p>\u00a0</p><p>After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, \u201cFailed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).\u201d</p><p><span><span><span>This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.</span></span></span></p></td><td><p>This issue is resolved in <a data-content-id=\"4490511\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4490511</a>.</p></td></tr><tr><td>After installing this update, the Event Viewer may not show some event descriptions for network interface cards (NIC).</td><td><p>This issue is resolved in <a data-content-id=\"4489878\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4489878</a>.</p></td></tr><tr><td><p>After installing this update, Internet Explorer 11 and other applications that use <strong>WININET.DLL</strong> may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:</p><ul style=\"list-style-type:disc\" type=\"disc\"><li><span>Cache size and location show zero or empty.</span></li><li><span>Keyboard shortcuts may not work properly.</span></li><li><span>Webpages may intermittently fail to load or render correctly.</span></li><li><span>Issues with credential prompts.</span></li><li><span><span>Issues when downloading files.</span></span></li></ul></td><td><p>This issue is resolved in <a data-content-id=\"4493472\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4493472</a>.</p><span></span><br/>\u00a0</td></tr></tbody></table><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.\u00a0</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"3177467\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB3177467</a>) will be offered to you automatically.\u00a0To get the stand-alone package for the latest\u00a0SSU, go to the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480970\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/1/6/2/16273E0B-1F86-4492-A14D-BAD562854D3E/4480970.csv\" managed-link=\"\" target=\"_blank\">file information for update 4480970</a>.\u00a0</p></div></body></html>", "modified": "2019-04-09T19:00:38", "id": "KB4480970", "href": "https://support.microsoft.com/en-us/help/4480970/", "published": "2019-04-09T19:00:20", "title": "January 8, 2019\u2014KB4480970 (Monthly Rollup)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-15T14:41:32", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4467708, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Note</p><div class=\"row\"><div class=\"col-xs-24\"><p>This release also contains updates for Microsoft HoloLens (OS Build 17763.134) released November 13, 2018.</p><p>Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.</p></div></div></div></div><h2>Improvements and fixes</h2><p>This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:</p><ul><li>Provides protections against an additional subclass of speculative execution side-channel vulnerability known as <a data-content-id=\"\" data-content-type=\"\" href=\"https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblogs.technet.microsoft.com%2Fsrd%2F2018%2F05%2F21%2Fanalysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639%2F&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C5d87d9af06654ddfae0908d643dadab2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636771004591485932&amp;sdata=ZBLM6Ewct67PtrDhap8e6JnvWTAsOtU7yv%2FrYG5BrzM%3D&amp;reserved=0\" managed-link=\"\" target=\"_blank\">Speculative Store Bypass</a> (CVE-2018-3639) for AMD-based computers. These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in <a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li>Addresses an issue that prevents users from signing in to a Microsoft account (MSA) as a different user if signing in a second time.</li><li>Addresses an issue that denies file system access to Internet of Things (IoT) Universal Windows Platform (UWP) apps that require this capability.</li><li>Addresses an issue that causes the on-screen keyboard to appear when running automated tests or when you install a physical keyboard.</li><li>Security updates to Microsoft Edge, Windows Scripting, Internet Explorer, Windows App Platform and Frameworks, Windows Graphics, Windows Media, Windows Kernel, Windows Server, and Windows Wireless Networking.</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr valign=\"top\"><td><p>After installing this update, some users cannot set Win32 program defaults for certain app and file type combinations using the <strong>Open with\u2026</strong> command or <strong>Settings </strong>&gt; <strong>Apps </strong>&gt; <strong>Default apps</strong>.</p>In some cases, Microsoft Notepad or other Win32 programs cannot be set as the default.</td><td><p>This issue is resolved in <a data-content-id=\"4469342\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4469342</a>.</p></td></tr><tr valign=\"top\"><td>After installing this update, users may not be able to use the <strong>Seek Bar</strong> in Windows Media Player when playing specific files.\u00a0This issue does not affect normal playback.</td><td>This issue is resolved in <a data-content-id=\"4471332\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4471332</a>.</td></tr><tr valign=\"top\"><td><p><span>nVidia has notified Microsoft of an issue where Microsoft Edge may crash or hang while playing video. This issue occurs following an nVidia driver update. \u00a0</span></p></td><td><span><span>nVidia has released an updated driver to address this issue. Please follow the instructions found in <u><a data-content-id=\"\" data-content-type=\"\" href=\"https://nvidia.custhelp.com/app/answers/detail/a_id/4745\" managed-link=\"\" originalsrc=\"https://nvidia.custhelp.com/app/answers/detail/a_id/4745\" shash=\"qd1z5CnN8jbWYpXx7G8bpQjXCetlpatL4gjcLqwxyKMMVajF1nhitVJrMxQegkYi4+ZnCu/uKUoaAZJbDXdx2wHWmMgHuFVz2WznkJjp3xDfU5yMa96KNQENxEVSRe5yHnI960W3DQPWZ0mxlzpQP/myc1ESYWiOL0r0qGxiOqE=\" target=\"\">nVidia's support article.</a>\u00a0</u></span></span></td></tr></tbody></table><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4465664\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4465664</a>) will be offered to you automatically. To get the stand-alone package for the latest SSU, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4467708 \" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/7/C/9/7C98DF34-BA6A-435A-889E-090362011AFC/4467708.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4467708 </a>.</p></div></body></html>", "modified": "2019-03-11T08:27:34", "id": "KB4467708", "href": "https://support.microsoft.com/en-us/help/4467708/", "published": "2019-03-11T08:20:57", "title": "November 13, 2018\u2014KB4467708 (OS Build 17763.134)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-18T14:32:52", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4467691, including improvements and fixes, any known issues, and how to get the update.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em>Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. </em><em>To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></p><p><strong>IMPORTANT:\u00a0 </strong> Windows 10 Enterprise and Windows 10 Education editions will receive six months of additional servicing at no cost. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026\u00a0per the <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/lifecycle/search?alpha=Windows%2010\" managed-link=\"\" target=\"_blank\">Lifecycle Policy page</a>. Windows 10 Anniversary Update (v. 1607) devices running the Intel \u201cClovertrail\u201d chipset will continue to receive updates until January 2023 per the <a data-content-id=\"\" data-content-type=\"\" href=\"https://answers.microsoft.com/{lang-locale}/windows/forum/windows_10-windows_install/intel-clover-trail-processors-are-not-supported-on/ed1823d3-c82c-4d7f-ba9d-43ecbcf526e9?auth=1\" managed-link=\"\" target=\"_blank\">Microsoft Community blog</a>.</p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em>Windows Server 2016 Standard edition, Nano Server installation option and Windows Server 2016 Datacenter edition, Nano Server installation option </em><em> reached end of service on October 9, 2018 </em> .<em> These editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.</em></p></div></div></div></div><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"row\"><div class=\"col-xs-24\"><p><em>Windows 10 Mobile, version 1607, reached end of service on October 8, 2018. Devices running Windows 10 Mobile and Windows 10 Mobile Enterprise will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10. </em></p></div></div></div></div><h2>Improvements and fixes</h2><p>This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:</p><ul><li>Provides protections against an additional subclass of speculative execution side-channel vulnerability known as <a data-content-id=\"\" data-content-type=\"\" href=\"https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblogs.technet.microsoft.com%2Fsrd%2F2018%2F05%2F21%2Fanalysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639%2F&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C5d87d9af06654ddfae0908d643dadab2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636771004591485932&amp;sdata=ZBLM6Ewct67PtrDhap8e6JnvWTAsOtU7yv%2FrYG5BrzM%3D&amp;reserved=0\" managed-link=\"\" target=\"_blank\">Speculative Store Bypass</a> (CVE-2018-3639) for AMD-based computers. These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in <a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li>Security updates to Microsoft Edge, Internet Explorer, Windows Scripting, Windows App Platform and Frameworks, Windows Graphics, Windows Wireless Networking, Windows Kernel, and Windows Server .</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\">Windows Update Improvements</p><div class=\"row\"><div class=\"col-xs-24\"><p>Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.</p></div></div></div></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td>After installing this update, installation and client activation of Windows Server 2019 and 1809 LTSC Key Management Service (KMS) (CSVLK) host keys do not work as expected.</td><td>This issue is resolved in <a data-content-id=\"4467684\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4467684</a>.</td></tr><tr><td><span><span><span>After installing this update, Windows Server 2016 promotions that create non-root domains fail in forests in which <a data-content-id=\"\" data-content-type=\"\" href=\"https://msdn.microsoft.com/library/dd304202.aspx\" managed-link=\"\" target=\"_blank\">optional features</a> like Active Directory recycle have been enabled. The error is, \u201cThe replication operation encountered a database error\u201d.</span></span></span></td><td><p>This issue is resolved in <a data-content-id=\"4467684\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4467684</a>.</p></td></tr><tr><td><p>After you install the <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://blogs.msdn.microsoft.com/dotnet/2018/08/30/net-framework-august-2018-preview-of-quality-rollup/\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">August Preview of Quality Rollup</a> or <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://blogs.msdn.microsoft.com/dotnet/2018/09/11/net-framework-september-2018-security-and-quality-rollup\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">September 11,\u00a02018 .NET Framework update</a>, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:</p><p><a data-content-id=\"4470809\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4470809</a> SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.</p></td><td>This issue is resolved in <a data-content-id=\"4480977\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4480977</a>.</td></tr><tr><td>After installing this update, users may not be able to use the <strong>Seek Bar</strong> in Windows Media Player when playing specific files.\u00a0This issue does not affect normal playback.</td><td>This issue is resolved in <a data-content-id=\"4471321\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4471321</a>.</td></tr><tr><td>After installing <a data-content-id=\"4467691\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB4467691</a>, Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.</td><td><p>Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.</p><p>If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.</p><span><span><span>Lenovo and Fujitsu are aware of this issue. Please contact your OEM to ask if there is a firmware update available for your device.</span></span></span></td></tr></tbody></table></div><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4465659\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4465659</a>) will be offered to you automatically. To get the stand-alone package for the latest SSU, go to the <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4467691\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a> website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the <a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/1/4/6/14630A0F-13BF-43E2-ADE1-952DF14095D1/4467691.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4467691</a>.</p></body></html>", "modified": "2019-03-12T06:37:27", "id": "KB4467691", "href": "https://support.microsoft.com/en-us/help/4467691/", "published": "2019-03-12T06:37:20", "title": "November 13, 2018\u2014KB4467691 (OS Build 14393.2608)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-15T14:32:18", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4467686, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><p>This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:</p><ul><li>Provides protections against an additional subclass of speculative execution side-channel vulnerability known as <a data-content-id=\"\" data-content-type=\"\" href=\"https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblogs.technet.microsoft.com%2Fsrd%2F2018%2F05%2F21%2Fanalysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639%2F&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C5d87d9af06654ddfae0908d643dadab2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636771004591485932&amp;sdata=ZBLM6Ewct67PtrDhap8e6JnvWTAsOtU7yv%2FrYG5BrzM%3D&amp;reserved=0\" managed-link=\"\" target=\"_blank\">Speculative Store Bypass</a> (CVE-2018-3639) for AMD-based computers. These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in <a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li>Security updates to Windows Scripting, Internet Explorer, Microsoft Edge, Windows Media, Windows Graphics, Windows App Platform and Frameworks, Windows Server, Windows Kernel, and Windows Virtualization and Kernel .</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td><p>After you install the <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://blogs.msdn.microsoft.com/dotnet/2018/08/30/net-framework-august-2018-preview-of-quality-rollup/\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">August Preview of Quality Rollup</a> or <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://blogs.msdn.microsoft.com/dotnet/2018/09/11/net-framework-september-2018-security-and-quality-rollup\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">September 11,\u00a02018 .NET Framework update</a>, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:</p><p><a data-content-id=\"4470809\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4470809</a> SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.</p></td><td>This issue is resolved in <a data-content-id=\"4480967\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4480967</a>.</td></tr><tr><td>After installing this update, users may not be able to use the <strong>Seek Bar</strong> in Windows Media Player when playing specific files.\u00a0This issue does not affect normal playback.</td><td>This issue is resolved in <a data-content-id=\"4471329\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4471329</a>.</td></tr></tbody></table><h2>How to get this update</h2><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU (<a data-content-id=\"4465661\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4465661</a>) will be offered to you automatically. To get the stand-alone package for the latest SSU, go to the <a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4467686\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a> website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the <a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/7/E/0/7E049920-7A96-40D7-A723-E73E2DBDE1BC/4467686.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4467686</a>.</p></body></html>", "modified": "2019-03-12T05:48:45", "id": "KB4467686", "href": "https://support.microsoft.com/en-us/help/4467686/", "published": "2019-03-12T05:48:38", "title": "November 13, 2018\u2014KB4467686 (OS Build 16299.785)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2020-03-15T14:41:23", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4467702, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><p>This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:</p><ul><li>Provides protections against an additional subclass of speculative execution side-channel vulnerability known as <a data-content-id=\"\" data-content-type=\"\" href=\"https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblogs.technet.microsoft.com%2Fsrd%2F2018%2F05%2F21%2Fanalysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639%2F&amp;data=02%7C01%7Cv-shros%40microsoft.com%7C5d87d9af06654ddfae0908d643dadab2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636771004591485932&amp;sdata=ZBLM6Ewct67PtrDhap8e6JnvWTAsOtU7yv%2FrYG5BrzM%3D&amp;reserved=0\" managed-link=\"\" target=\"_blank\">Speculative Store Bypass</a> (CVE-2018-3639) for AMD-based computers. These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in <a data-content-id=\"4073119\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4073119</a>. For Windows Server guidance,<strong> </strong>follow the instructions in <a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4072698</a>. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li>Addresses an issue that may prevent developer tools (F12) from starting in Microsoft Edge.</li><li>Security updates to Microsoft Edge, Internet Explorer, Windows Scripting, Windows App Platform and Frameworks, Windows Graphics, Windows Graphics, Windows Media, Windows Wireless Networking, Windows Kernel, and Windows Server .</li></ul><p>If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.</p><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p><h2>Known issues in this update</h2><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td><p>After you install the <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://blogs.msdn.microsoft.com/dotnet/2018/08/30/net-framework-august-2018-preview-of-quality-rollup/\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">August Preview of Quality Rollup</a> or <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://blogs.msdn.microsoft.com/dotnet/2018/09/11/net-framework-september-2018-security-and-quality-rollup\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">September 11,\u00a02018 .NET Framework update</a>, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:</p><p><a data-content-id=\"4470809\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4470809</a> SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.</p></td><td>This issue is resolved in <a data-content-id=\"4480976\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4480976</a>.</td></tr><tr><td><p>After installing this update, some users cannot set Win32 program defaults for certain app and file type combinations using the <strong>Open with\u2026</strong> command or <strong>Settings </strong>&gt; <strong>Apps </strong>&gt; <strong>Default apps</strong>.</p>In some cases, Microsoft Notepad or other Win32 programs cannot be set as the default.</td><td><p>This issue is resolved in <a data-content-id=\"4467682\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4467682</a>.</p></td></tr><tr><td>After installing this update, users may not be able to use the <strong>Seek Bar</strong> in Windows Media Player when playing specific files.\u00a0This issue does not affect normal playback.</td><td>This issue is resolved in <a data-content-id=\"4471324\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4471324</a>.</td></tr></tbody></table><h2>How to get this update</h2><div><p><strong>Before installing this update</strong></p><p>Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes.\u00a0For more information, see\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Servicing stack updates</a>.</p><p>If you are using Windows Update, the latest SSU\u00a0(<a data-content-id=\"4465663\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4465663</a>) will be offered to you automatically.\u00a0To get the stand-alone package for the latest\u00a0SSU, go to the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" href=\"http://www.catalog.update.microsoft.com/home.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>.\u00a0</p><p><strong>Install this update</strong></p><p>This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4467702\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/C/2/C/C2C34235-8C66-44DD-8C67-CFC31239DE16/4467702.csv\" managed-link=\"\" target=\"_blank\">file information for cumulative update 4467702</a>.\u00a0</p></div></body></html>", "modified": "2019-03-11T06:45:37", "id": "KB4467702", "href": "https://support.microsoft.com/en-us/help/4467702/", "published": "2019-03-11T06:45:31", "title": "November 13, 2018\u2014KB4467702 (OS Build 17134.407)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-09-11T12:30:13", "bulletinFamily": "microsoft", "description": "<html><body><p>Learn more about update KB4480972, including improvements and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:</p><ul><li>Provides protections against an additional subclass of speculative execution side-channel vulnerability known as <a href=\"https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/\" managed-link=\"\" target=\"_blank\">Speculative Store Bypass</a> (CVE-2018-3639) for AMD-based computers. These protections aren't enabled by default. For Windows Server guidance,<strong> </strong>follow the instructions in <a data-content-id=\"4072698\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"\">KB4072698</a>. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).</li><li><p>Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts. For more details, see <a href=\"https://blogs.msdn.microsoft.com/powershell/2019/01/10/windows-security-change-affecting-powershell/\" managed-link=\"\" target=\"_blank\">Windows Security change affecting PowerShell</a>.\u00a0</p></li><li>Addresses an issue that prevents cross-era navigation\u00a0in the Japanese Calendar view. For more information, see <a data-content-id=\"4469068\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4469068</a>.</li><li>Addresses an issue related to the date format for the Japanese Era calendar. For more information, see <a data-content-id=\"4469068\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4469068</a>.</li><li>Addresses an issue that causes the <strong>GetCalendarInfo</strong> function to return a wrong value for the Japanese Era. For more information, see <a data-content-id=\"4469068\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4469068</a>.</li><li>Security updates to Windows App Platform and Frameworks, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.</li></ul><p>For more information about the resolved security vulnerabilities, please refer to the <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance\" managed-link=\"\" target=\"_blank\">Security Update Guide</a>.</p></div><h2>Known issues in this update</h2><div><table class=\"table\"><tbody><tr><td>Symptom</td><td>Workaround</td></tr><tr><td><span>Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \u201cUnrecognized Database Format\u201d.</span></td><td><p>This issue is resolved in <a data-content-id=\"4486993\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4486993</a>.</p></td></tr><tr><td><p>After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, \u201cFailed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).\u201d</p><p><span><span><span>This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.</span></span></span></p></td><td><p>This issue is resolved in\u00a0<a data-content-id=\"4490516\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4490516</a>.</p></td></tr><tr><td><p>After installing this update, Internet Explorer 10 and other applications that use <strong>WININET.DLL\u00a0</strong>may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:</p><ul style=\"list-style-type:disc\" type=\"disc\"><li><span>Cache size and location show zero or empty.</span></li><li><span>Keyboard shortcuts may not work properly.</span></li><li><span>Webpages may intermittently fail to load or render correctly.</span></li><li><span>Issues with credential prompts.</span></li><li><span><span>Issues when downloading files.</span></span></li></ul></td><td><p>This issue is resolved in\u00a0<a data-content-id=\"4493450\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4493450</a>.</p></td></tr><tr><td><p>After installing this update, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild()</strong>, <strong>insertBefore()</strong>, and <strong>moveNode()</strong>.</p><span><span><span>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.</span></span></span></td><td>This issue is resolved in\u00a0<a data-content-id=\"4493450\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB4493450</a>.</td></tr><tr><td>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.</td><td><p>Do one of the following:</p><ul><li><span> Perform the operation from a process that has administrator privilege.</span></li><li><span> Perform the operation from a node that doesn\u2019t have CSV ownership.</span></li></ul><span><span><span>Microsoft is working on a resolution and will provide an update in an upcoming release.</span></span></span></td></tr></tbody></table><p>\u00a0</p></div><h2>How to get this update</h2><div><p>This update is now available for installation through WSUS. To get the stand-alone package for this update, go to the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480972\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</p><p><strong>File information</strong></p><p>For a list of the files that are provided in this update, download the\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"http://download.microsoft.com/download/7/5/D/75D6C049-6ACF-4E7C-828E-BA182B090272/4480972.csv\" managed-link=\"\" target=\"_blank\">file information for update 4480972</a>.\u00a0</p></div></body></html>", "modified": "2019-04-12T19:15:15", "id": "KB4480972", "href": "https://support.microsoft.com/en-us/help/4480972/", "published": "2019-04-12T19:14:50", "title": "January 8, 2019\u2014KB4480972 (Security-only update)", "type": "mskb", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}]}