EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)

2021-01-20T00:00:00

Description

According to the versions of the kernel - A stack information leak flaw was found in s390/s390x - In the Android kernel in the video driver there is a - An issue was discovered in the Linux kernel before - A locking inconsistency issue was discovered in the tty drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may - An out-of-bounds memory write flaw was found in how the This flaw allows an unauthenticated remote user to - A locking issue was discovered in the tty subsystem of drivers/tty/tty_jobctrl.c allows a use-after-free - An issue was discovered in romfs_dev_read in Uninitialized memory leaks to userspace, aka - Use-after-free vulnerability in fs/block_dev.c in the - The Linux kernel before version 5.8 is vulnerable to a _ports() that allows local users to cause a denial of - An issue was discovered in kmem_cache_alloc_bulk in - A flaw was found in the Linux kernel. A use-after-free - A buffer over-read (at the framebuffer layer) in the - A slab-out-of-bounds read in fbcon in the Linux kernel - Improper access control in BlueZ may allow an - In cdev_get of char_dev.c, there is a possible Android-10Android ID: A-153467744(CVE-2020-0305) - A flaw was found in the HDLC_PPP module of the Linux The highest threat from this vulnerability is to data - An issue was discovered in can_can_gw_rcv in cgw_csum_xor_rel) the tail of the skb (e.g. frag_list - In the Android kernel in Pixel C USB monitor driver - A pivot_root race condition in fs/ namespace.c in the - A flaw was found in the Linux kernel in versions before - In kbd_keycode of keyboard.c, there is a possible out AndroidVersions: Android kernelAndroid ID: A-144161459(CVE-2020-0431) - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is AndroidVersions: Android kernelAndroid ID: A-151939299(CVE-2020-0433) - In the Linux kernel through 5.8.7, local attackers able - A memory out-of-bounds read flaw was found in the Linux - A TOCTOU mismatch in the NFS client code in the Linux - The rbd block device driver in drivers/block/rbd.c in - A race condition between hugetlb sysctl handlers in - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root Note that Tenable Network Security has extracted packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773) use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9458) 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934) subsystem of the Linux kernel through 5.9.13. allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660) Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305) the Linux kernel through 5.9.13. attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661) fs/romfs/storage.c in the Linux kernel before 5.8.4. CID-bcf85fcedfdd.(CVE-2020-29371) Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436) NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437) mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370) memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351) fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915) before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974) unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352) use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. confidentiality and integrity as well as system availability.(CVE-2020-25643) net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user 'root' with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.(CVE-2019-3701) there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456) Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114) 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645) of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/ netfilter/ nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211) kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314) kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212) the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284) mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285) privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386) the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "EULEROS_SA-2021-1079.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9458)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user 'root' with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g.\n cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.(CVE-2019-3701)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)\n\n - A pivot_root race condition in fs/ namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/ netfilter/ nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-01-20T00:00:00", "modified": "2021-01-22T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/145201", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29370", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9456", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3701", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0431", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28915", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15437", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14386", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25643", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15436", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25285", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25211", "http://www.nessus.org/u?83f9eb52", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12114", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0305", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29660", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29371", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0433", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25645", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9458", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29661", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12352", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14305", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10773", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20934"], "cvelist": ["CVE-2019-20934", "CVE-2019-3701", "CVE-2019-9456", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0431", "CVE-2020-0433", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661"], "immutableFields": [], "lastseen": "2023-05-28T14:09:55", "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431", "ALSA-2021:0558", "ALSA-2021:1578", "ALSA-2021:4356", "ALSA-2022:5316", "ALSA-2022:5344"]}, {"type": "altlinux", "idList": ["DA7EB86A979E50AA3788F1F41AC8607F"]}, {"type": "amazon", "idList": ["ALAS-2020-1430", "ALAS-2020-1437", "ALAS-2020-1446", "ALAS-2020-1462", "ALAS-2021-1461", "ALAS-2021-1477", "ALAS2-2020-1488", "ALAS2-2020-1495", "ALAS2-2020-1520", "ALAS2-2020-1556", "ALAS2-2020-1566", "ALAS2-2021-1588"]}, {"type": "androidsecurity", "idList": ["ANDROID:2019-09-01", "ANDROID:2020-06-01", "ANDROID:2020-09-01"]}, {"type": "archlinux", "idList": ["ASA-202010-2", "ASA-202010-3", "ASA-202010-4", "ASA-202010-9"]}, {"type": "centos", "idList": ["CESA-2019:2029", "CESA-2020:4060", "CESA-2020:5437", "CESA-2021:0856", "CESA-2021:2725"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:28D7D983C9283C1F04F738490F4E9234", "CFOUNDRY:2B547AA94018245E71F37CB94BA4EEBC", "CFOUNDRY:3B00E04C67EFB83F5D044A76DD92B52C", "CFOUNDRY:4C29708E9DB1757C4BE1AE571C33062C", "CFOUNDRY:63AC599C6730C4293761CECD360AA195", "CFOUNDRY:6842286EED83D27526CFF6743C20F98E", "CFOUNDRY:8CFF4A0AF748B0C857C01324EB35B6D4", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:B46933C44EA4E2006B38E3D103AAF55E", "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "CFOUNDRY:C1E34CFCE1CF9390C02BBA0BC55EE894"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632261812", "CLSA-2021:1632261839"]}, {"type": "cve", "idList": ["CVE-2019-20934", "CVE-2019-3701", "CVE-2019-9456", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0431", "CVE-2020-0433", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25662", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E", "DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DLA-2241-1:DE3AB", "DEBIAN:DLA-2241-2:3E557", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DLA-2385-1:FDE93", "DEBIAN:DLA-2417-1:4ADAB", "DEBIAN:DLA-2420-1:692E7", "DEBIAN:DLA-2420-2:175D1", "DEBIAN:DLA-2483-1:37DA1", "DEBIAN:DLA-2494-1:12C95", "DEBIAN:DLA-2557-1:3E233", "DEBIAN:DLA-2586-1:6B2FD", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4698-1:E1A7D", "DEBIAN:DSA-4699-1:122C4", "DEBIAN:DSA-4699-1:D5D43", "DEBIAN:DSA-4774-1:EE27B", "DEBIAN:DSA-4774-1:EF524", "DEBIAN:DSA-4843-1:3B37B", "DEBIAN:DSA-4843-1:6BD24"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-20934", "DEBIANCVE:CVE-2019-3701", "DEBIANCVE:CVE-2019-9456", "DEBIANCVE:CVE-2019-9458", "DEBIANCVE:CVE-2020-0305", "DEBIANCVE:CVE-2020-0431", "DEBIANCVE:CVE-2020-0433", "DEBIANCVE:CVE-2020-10773", "DEBIANCVE:CVE-2020-12114", "DEBIANCVE:CVE-2020-12352", "DEBIANCVE:CVE-2020-14305", "DEBIANCVE:CVE-2020-14314", "DEBIANCVE:CVE-2020-14351", "DEBIANCVE:CVE-2020-14386", "DEBIANCVE:CVE-2020-15436", "DEBIANCVE:CVE-2020-15437", "DEBIANCVE:CVE-2020-25211", "DEBIANCVE:CVE-2020-25212", "DEBIANCVE:CVE-2020-25284", "DEBIANCVE:CVE-2020-25285", "DEBIANCVE:CVE-2020-25643", "DEBIANCVE:CVE-2020-25645", "DEBIANCVE:CVE-2020-25662", "DEBIANCVE:CVE-2020-28915", "DEBIANCVE:CVE-2020-28974", "DEBIANCVE:CVE-2020-29370", "DEBIANCVE:CVE-2020-29371", "DEBIANCVE:CVE-2020-29660", "DEBIANCVE:CVE-2020-29661"]}, {"type": "exploitdb", "idList": ["EDB-ID:49754"]}, {"type": "f5", "idList": ["F5:K00194184", "F5:K17957133", "F5:K42355373", "F5:K46444421", "F5:K58523450", "F5:K65213626", "F5:K65234135", "F5:K67830124", "F5:K69232741"]}, {"type": "fedora", "idList": ["FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:14FCA30C8E50", "FEDORA:1CAC0608E6F2", "FEDORA:1F1BC30987DA", "FEDORA:20DCB60779B2", "FEDORA:22D77604972B", "FEDORA:2836F613193B", "FEDORA:296826040AED", "FEDORA:3266960F0E44", "FEDORA:3C394606D98F", "FEDORA:41B546014626", "FEDORA:4CEF5610D7CA", "FEDORA:4CF35608BFEA", "FEDORA:4D5AD601FDAC", "FEDORA:4F30C30A9F1B", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:52A7630CF28D", "FEDORA:5956060491DC", "FEDORA:5A4D662AE22C", "FEDORA:5B68260A5858", "FEDORA:690DE6022BA8", "FEDORA:6B66A6047312", "FEDORA:6B6B360567FC", "FEDORA:6B92130C7DAE", "FEDORA:6E67663233DB", "FEDORA:79EAC605FC25", "FEDORA:824E230A6A04", "FEDORA:85FBF6076011", "FEDORA:89C9C6051B3A", "FEDORA:8FD3E60491BA", "FEDORA:95A686085F81", "FEDORA:98E8F6079A11", "FEDORA:9E3D9606D195", "FEDORA:AAA6460491BA", "FEDORA:AFFEA30BBFB5", "FEDORA:B87B460876BA", "FEDORA:BBFE360460D0", "FEDORA:C49D061F375F", "FEDORA:C4D496071279", "FEDORA:C64AE6007F37", "FEDORA:C6AF860C4240", "FEDORA:D2B426045A04", "FEDORA:D90AA30C47EB", "FEDORA:DBB1B659CBE0", "FEDORA:E251030B5E26", "FEDORA:E37FD60924F1", "FEDORA:E88866014636", "FEDORA:E93AE6077DCD", "FEDORA:EF6BA6045A0C", "FEDORA:F417F60477C5"]}, {"type": "githubexploit", "idList": ["A10132DA-F650-5163-A3F9-DBE973D0187D"]}, {"type": "ibm", "idList": ["0AC735C19116A7FB66D9921F93B7D9FF1E6BB4F1F2A9AF8B4AA371BC3E7211BE", "180AC5D7287F51495B95E36020BFF2325D0F58CB7C4B6EA71A4C3D8EEB389808", "1B4C690B7DA33A4807087B34223ECB27C2AA91A91D536267A98B4BCEEB54A441", "2007FD1781CF2022D192260E43DD6A6A9D75EAE1E583F1FF51351C7A5D643FB1", "36F5A24A0FE05876D471A20F32BE0669E453AF841B04CDD94792F8F80EF7F4D4", "3CF3C789E67BC4BED4E00BAB92CFDEBBACDE7238E903B67252519FD7D01B4413", "4777AA656AFE2A7E99CB0D93F8BE73D4229AC1A8C767E59363E711B828FD7059", "4A13A3496FCF6B846B2A1DE1CDC0810F64A5ABAB123B9000E74EC8183260175D", "63C8B1DC63A3A0D366B1AA0E3DB24BD123F14B4EB29B74139B4FE1590E5E48A3", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "8ABFA4E5F7F7D16B993F612C3D1D02C01C8CE6AE7447E041543F609DBD7909DE", "8B24753FF8758BF51E7C6001AC39E0EF90B14323A9756CCEF8AC68E99EF03367", "8FB323EC50EB5CCD3380176BF2571DDA8C7739DBF4BC558C9B57458B912FEEF7", "93800CB903FCF930D2442012C501177682436E51AEBEA85D7632953A9A31B533", "99CA14DDCA02DF626935C110FC2CC56905C90E51E33F2F0B0D000AA1599E99C5", "B208854B100603393ABFE63FA8975A55F6379CCD86BE9A76E5EA76BC92BEB365", "B98F811575D2E16065FC8E4C211A8B74BBF4DCEBB02BCE8974D057BDB7A7A3B4", "CDF395DCA76931626CDB7CC71C6A81A725FA69D7DD15259B58CC23FBAAF0244D", "D93D4935148F7F3B13EA6EFB252FC805F8785D44154C48C5441B79CADDEC8988", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "FA4B683BEB9B49C87C8F293AD46CC6FEDB68A76B71FDD62413EE14D604E1FE34"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00435"]}, {"type": "kitploit", "idList": ["KITPLOIT:8656177976839178440"]}, {"type": "mageia", "idList": ["MGASA-2019-0097", "MGASA-2019-0098", "MGASA-2019-0171", "MGASA-2020-0355", "MGASA-2020-0392", "MGASA-2021-0030", "MGASA-2021-0031"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1488.NASL", "AL2_ALAS-2020-1495.NASL", "AL2_ALAS-2020-1520.NASL", "AL2_ALAS-2020-1556.NASL", "AL2_ALAS-2020-1566.NASL", "AL2_ALAS-2021-1588.NASL", "AL2_ALASKERNEL-5_4-2022-015.NASL", "AL2_ALASKERNEL-5_4-2022-016.NASL", "AL2_ALASKERNEL-5_4-2022-017.NASL", "AL2_ALASKERNEL-5_4-2022-018.NASL", "AL2_ALASKERNEL-5_4-2022-019.NASL", "ALA_ALAS-2020-1430.NASL", "ALA_ALAS-2020-1437.NASL", "ALA_ALAS-2020-1446.NASL", "ALA_ALAS-2020-1462.NASL", "ALA_ALAS-2021-1461.NASL", "ALA_ALAS-2021-1477.NASL", "ALMA_LINUX_ALSA-2020-4431.NASL", "ALMA_LINUX_ALSA-2021-0558.NASL", "ALMA_LINUX_ALSA-2021-1578.NASL", "ALMA_LINUX_ALSA-2021-4356.NASL", "ALMA_LINUX_ALSA-2022-5316.NASL", "CENTOS8_RHSA-2020-4286.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS8_RHSA-2020-4685.NASL", "CENTOS8_RHSA-2021-0003.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS8_RHSA-2021-4140.NASL", "CENTOS8_RHSA-2021-4356.NASL", "CENTOS_RHSA-2019-2029.NASL", "CENTOS_RHSA-2020-4060.NASL", "CENTOS_RHSA-2020-5437.NASL", "CENTOS_RHSA-2021-0856.NASL", "CENTOS_RHSA-2021-2725.NASL", "DEBIAN_DLA-1731.NASL", "DEBIAN_DLA-1771.NASL", "DEBIAN_DLA-2241.NASL", "DEBIAN_DLA-2242.NASL", "DEBIAN_DLA-2385.NASL", "DEBIAN_DLA-2417.NASL", "DEBIAN_DLA-2420.NASL", "DEBIAN_DLA-2483.NASL", "DEBIAN_DLA-2494.NASL", "DEBIAN_DLA-2557.NASL", "DEBIAN_DLA-2586.NASL", "DEBIAN_DSA-4698.NASL", "DEBIAN_DSA-4699.NASL", "DEBIAN_DSA-4774.NASL", "DEBIAN_DSA-4843.NASL", "EULEROS_SA-2019-1028.NASL", "EULEROS_SA-2019-1131.NASL", "EULEROS_SA-2019-1234.NASL", "EULEROS_SA-2019-1259.NASL", "EULEROS_SA-2019-1512.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1112.NASL", "EULEROS_SA-2020-1186.NASL", "EULEROS_SA-2020-1592.NASL", "EULEROS_SA-2020-1606.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1698.NASL", "EULEROS_SA-2020-1958.NASL", "EULEROS_SA-2020-2011.NASL", "EULEROS_SA-2020-2151.NASL", "EULEROS_SA-2020-2166.NASL", "EULEROS_SA-2020-2176.NASL", "EULEROS_SA-2020-2303.NASL", "EULEROS_SA-2020-2311.NASL", "EULEROS_SA-2020-2353.NASL", "EULEROS_SA-2020-2411.NASL", "EULEROS_SA-2020-2429.NASL", "EULEROS_SA-2020-2443.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2020-2549.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1148.NASL", "EULEROS_SA-2021-1200.NASL", "EULEROS_SA-2021-1265.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1386.NASL", "EULEROS_SA-2021-1454.NASL", "EULEROS_SA-2021-1531.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-1642.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-1751.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2021-2140.NASL", "EULEROS_SA-2021-2392.NASL", "F5_BIGIP_SOL67830124.NASL", "FEDORA_2019-337484D88B.NASL", "FEDORA_2019-B0F7A7B74B.NASL", "FEDORA_2020-3C6FEDEB83.NASL", "FEDORA_2020-5920A7A0B2.NASL", "FEDORA_2020-AD980D282F.NASL", "FEDORA_2020-B732958765.NASL", "FEDORA_2020-B858B48B23.NASL", "FEDORA_2020-BC0CC81A7A.NASL", "FEDORA_2020-CE117EFF51.NASL", "FEDORA_2020-E288ACDA9A.NASL", "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0012_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0030_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0051_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0104_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0126_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0169_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0183_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0002_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0014_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0017_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0026_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0040_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0059_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0073_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0074_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0089_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2023-0017_KERNEL.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_15_5_5.NASL", "NUTANIX_NXSA-AOS-5_15_6.NASL", "NUTANIX_NXSA-AOS-5_15_7.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "NUTANIX_NXSA-AOS-5_19_1_5.NASL", "NUTANIX_NXSA-AOS-5_19_2.NASL", "NUTANIX_NXSA-AOS-5_20.NASL", "NUTANIX_NXSA-AOS-5_20_2.NASL", "NUTANIX_NXSA-AOS-6_0.NASL", "NUTANIX_NXSA-AOS-6_0_1_5.NASL", "NUTANIX_NXSA-AOS-6_0_2.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "OPENSUSE-2019-2173.NASL", "OPENSUSE-2019-2181.NASL", "OPENSUSE-2020-1153.NASL", "OPENSUSE-2020-1236.NASL", "OPENSUSE-2020-1325.NASL", "OPENSUSE-2020-1379.NASL", "OPENSUSE-2020-1382.NASL", "OPENSUSE-2020-1586.NASL", "OPENSUSE-2020-1655.NASL", "OPENSUSE-2020-1682.NASL", "OPENSUSE-2020-1698.NASL", "OPENSUSE-2020-1901.NASL", "OPENSUSE-2020-1906.NASL", "OPENSUSE-2020-2034.NASL", "OPENSUSE-2020-2112.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2020-543.NASL", "OPENSUSE-2020-801.NASL", "OPENSUSE-2020-935.NASL", "OPENSUSE-2021-241.NASL", "OPENSUSE-2021-242.NASL", "OPENSUSE-2021-60.NASL", "OPENSUSE-2021-75.NASL", "ORACLELINUX_ELSA-2019-4596.NASL", "ORACLELINUX_ELSA-2019-4600.NASL", "ORACLELINUX_ELSA-2019-4612.NASL", "ORACLELINUX_ELSA-2020-4276.NASL", "ORACLELINUX_ELSA-2020-4286.NASL", "ORACLELINUX_ELSA-2020-4685.NASL", "ORACLELINUX_ELSA-2020-5437.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5879.NASL", "ORACLELINUX_ELSA-2020-5881.NASL", "ORACLELINUX_ELSA-2020-5884.NASL", "ORACLELINUX_ELSA-2020-5885.NASL", "ORACLELINUX_ELSA-2020-5912.NASL", "ORACLELINUX_ELSA-2020-5995.NASL", "ORACLELINUX_ELSA-2020-5996.NASL", "ORACLELINUX_ELSA-2021-0003.NASL", "ORACLELINUX_ELSA-2021-0336.NASL", "ORACLELINUX_ELSA-2021-0558.NASL", "ORACLELINUX_ELSA-2021-0856.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-2725.NASL", "ORACLELINUX_ELSA-2021-4356.NASL", "ORACLELINUX_ELSA-2021-9001.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLELINUX_ELSA-2021-9006.NASL", "ORACLELINUX_ELSA-2021-9007.NASL", "ORACLELINUX_ELSA-2021-9030.NASL", "ORACLELINUX_ELSA-2021-9035.NASL", "ORACLELINUX_ELSA-2021-9037.NASL", "ORACLELINUX_ELSA-2021-9038.NASL", "ORACLELINUX_ELSA-2021-9039.NASL", "ORACLELINUX_ELSA-2021-9043.NASL", "ORACLELINUX_ELSA-2021-9079.NASL", "ORACLELINUX_ELSA-2021-9085.NASL", "ORACLELINUX_ELSA-2021-9086.NASL", "ORACLELINUX_ELSA-2021-9212.NASL", "ORACLELINUX_ELSA-2021-9346.NASL", "ORACLELINUX_ELSA-2021-9442.NASL", "ORACLELINUX_ELSA-2021-9459.NASL", "ORACLELINUX_ELSA-2022-5316.NASL", "ORACLEVM_OVMSA-2019-0014.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2020-0051.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "ORACLEVM_OVMSA-2021-0005.NASL", "ORACLEVM_OVMSA-2021-0022.NASL", "ORACLEVM_OVMSA-2021-0030.NASL", "ORACLEVM_OVMSA-2021-0031.NASL", "ORACLEVM_OVMSA-2021-0035.NASL", "PHOTONOS_PHSA-2020-1_0-0323_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0328_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0330_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0338_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0350_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0282_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0286_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0288_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0295_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0140_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0142_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0144_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0160_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0163_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0308_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0182_LINUX.NASL", "REDHAT-RHSA-2019-2029.NASL", "REDHAT-RHSA-2019-2043.NASL", "REDHAT-RHSA-2020-2854.NASL", "REDHAT-RHSA-2020-4060.NASL", "REDHAT-RHSA-2020-4062.NASL", "REDHAT-RHSA-2020-4276.NASL", "REDHAT-RHSA-2020-4277.NASL", "REDHAT-RHSA-2020-4278.NASL", "REDHAT-RHSA-2020-4279.NASL", "REDHAT-RHSA-2020-4280.NASL", "REDHAT-RHSA-2020-4281.NASL", "REDHAT-RHSA-2020-4286.NASL", "REDHAT-RHSA-2020-4287.NASL", "REDHAT-RHSA-2020-4288.NASL", "REDHAT-RHSA-2020-4289.NASL", "REDHAT-RHSA-2020-4331.NASL", "REDHAT-RHSA-2020-4332.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2020-4685.NASL", "REDHAT-RHSA-2020-4686.NASL", "REDHAT-RHSA-2020-4990.NASL", "REDHAT-RHSA-2020-4991.NASL", "REDHAT-RHSA-2020-5199.NASL", "REDHAT-RHSA-2020-5437.NASL", "REDHAT-RHSA-2020-5441.NASL", "REDHAT-RHSA-2021-0003.NASL", "REDHAT-RHSA-2021-0004.NASL", "REDHAT-RHSA-2021-0184.NASL", "REDHAT-RHSA-2021-0189.NASL", "REDHAT-RHSA-2021-0336.NASL", "REDHAT-RHSA-2021-0338.NASL", "REDHAT-RHSA-2021-0354.NASL", "REDHAT-RHSA-2021-0526.NASL", "REDHAT-RHSA-2021-0537.NASL", "REDHAT-RHSA-2021-0558.NASL", "REDHAT-RHSA-2021-0686.NASL", "REDHAT-RHSA-2021-0689.NASL", "REDHAT-RHSA-2021-0760.NASL", "REDHAT-RHSA-2021-0763.NASL", "REDHAT-RHSA-2021-0765.NASL", "REDHAT-RHSA-2021-0774.NASL", "REDHAT-RHSA-2021-0848.NASL", "REDHAT-RHSA-2021-0856.NASL", "REDHAT-RHSA-2021-0857.NASL", "REDHAT-RHSA-2021-0862.NASL", "REDHAT-RHSA-2021-0878.NASL", "REDHAT-RHSA-2021-0940.NASL", "REDHAT-RHSA-2021-1028.NASL", "REDHAT-RHSA-2021-1031.NASL", "REDHAT-RHSA-2021-1267.NASL", "REDHAT-RHSA-2021-1288.NASL", "REDHAT-RHSA-2021-1376.NASL", "REDHAT-RHSA-2021-1531.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1739.NASL", "REDHAT-RHSA-2021-2164.NASL", "REDHAT-RHSA-2021-2185.NASL", "REDHAT-RHSA-2021-2190.NASL", "REDHAT-RHSA-2021-2355.NASL", "REDHAT-RHSA-2021-2523.NASL", "REDHAT-RHSA-2021-2725.NASL", "REDHAT-RHSA-2021-2726.NASL", "REDHAT-RHSA-2021-3987.NASL", "REDHAT-RHSA-2021-4140.NASL", "REDHAT-RHSA-2021-4356.NASL", "REDHAT-RHSA-2022-5316.NASL", "REDHAT-RHSA-2022-5344.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SLACKWARE_SSA_2020-295-01.NASL", "SL_20201001_KERNEL_ON_SL7_X.NASL", "SL_20201020_KERNEL_ON_SL7_X.NASL", "SL_20201215_KERNEL_ON_SL7_X.NASL", "SL_20210202_KERNEL_ON_SL7_X.NASL", "SL_20210721_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2019-14218-1.NASL", "SUSE_SU-2019-2412-1.NASL", "SUSE_SU-2019-2414-1.NASL", "SUSE_SU-2019-2424-1.NASL", "SUSE_SU-2019-2648-1.NASL", "SUSE_SU-2019-2738-1.NASL", "SUSE_SU-2019-2949-1.NASL", "SUSE_SU-2019-2950-1.NASL", "SUSE_SU-2019-2984-1.NASL", "SUSE_SU-2019-3200-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-1118-1.NASL", "SUSE_SU-2020-1119-1.NASL", "SUSE_SU-2020-1123-1.NASL", "SUSE_SU-2020-1141-1.NASL", "SUSE_SU-2020-1142-1.NASL", "SUSE_SU-2020-1146-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-1275-1.NASL", "SUSE_SU-2020-14442-1.NASL", "SUSE_SU-2020-1587-1.NASL", "SUSE_SU-2020-1596-1.NASL", "SUSE_SU-2020-1597-1.NASL", "SUSE_SU-2020-1599-1.NASL", "SUSE_SU-2020-1602-1.NASL", "SUSE_SU-2020-1603-1.NASL", "SUSE_SU-2020-1605-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-2105-1.NASL", "SUSE_SU-2020-2106-1.NASL", "SUSE_SU-2020-2107-1.NASL", "SUSE_SU-2020-2119-1.NASL", "SUSE_SU-2020-2121-1.NASL", "SUSE_SU-2020-2122-1.NASL", "SUSE_SU-2020-2134-1.NASL", "SUSE_SU-2020-2152-1.NASL", "SUSE_SU-2020-2486-1.NASL", "SUSE_SU-2020-2487-1.NASL", "SUSE_SU-2020-2491-1.NASL", "SUSE_SU-2020-2492-1.NASL", "SUSE_SU-2020-2497-1.NASL", "SUSE_SU-2020-2498-1.NASL", "SUSE_SU-2020-2540-1.NASL", "SUSE_SU-2020-2574-1.NASL", "SUSE_SU-2020-2575-1.NASL", "SUSE_SU-2020-2576-1.NASL", "SUSE_SU-2020-2577-1.NASL", "SUSE_SU-2020-2578-1.NASL", "SUSE_SU-2020-2582-1.NASL", "SUSE_SU-2020-2610-1.NASL", "SUSE_SU-2020-2623-1.NASL", "SUSE_SU-2020-2631-1.NASL", "SUSE_SU-2020-2879-1.NASL", "SUSE_SU-2020-2904-1.NASL", "SUSE_SU-2020-2905-1.NASL", "SUSE_SU-2020-2907-1.NASL", "SUSE_SU-2020-2972-1.NASL", "SUSE_SU-2020-2980-1.NASL", "SUSE_SU-2020-2981-1.NASL", "SUSE_SU-2020-3014-1.NASL", "SUSE_SU-2020-3122-1.NASL", "SUSE_SU-2020-3219-1.NASL", "SUSE_SU-2020-3225-1.NASL", "SUSE_SU-2020-3230-1.NASL", "SUSE_SU-2020-3272-1.NASL", "SUSE_SU-2020-3281-1.NASL", "SUSE_SU-2020-3326-1.NASL", "SUSE_SU-2020-3433-1.NASL", "SUSE_SU-2020-3501-1.NASL", "SUSE_SU-2020-3503-1.NASL", "SUSE_SU-2020-3513-1.NASL", "SUSE_SU-2020-3522-1.NASL", "SUSE_SU-2020-3532-1.NASL", "SUSE_SU-2020-3544-1.NASL", "SUSE_SU-2020-3648-1.NASL", "SUSE_SU-2020-3656-1.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0095-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0108-1.NASL", "SUSE_SU-2021-0117-1.NASL", "SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL", "SUSE_SU-2021-0353-1.NASL", "SUSE_SU-2021-0354-1.NASL", "SUSE_SU-2021-0408-1.NASL", "SUSE_SU-2021-0427-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-0835-1.NASL", "SUSE_SU-2021-1074-1.NASL", "SUSE_SU-2021-1175-1.NASL", "SUSE_SU-2021-1210-1.NASL", "SUSE_SU-2021-14630-1.NASL", "SUSE_SU-2021-1573-1.NASL", "SUSE_SU-2021-1596-1.NASL", "SUSE_SU-2021-1617-1.NASL", "SUSE_SU-2021-1623-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "UBUNTU_USN-3932-1.NASL", "UBUNTU_USN-3932-2.NASL", "UBUNTU_USN-4115-1.NASL", "UBUNTU_USN-4115-2.NASL", "UBUNTU_USN-4118-1.NASL", "UBUNTU_USN-4387-1.NASL", "UBUNTU_USN-4388-1.NASL", "UBUNTU_USN-4389-1.NASL", "UBUNTU_USN-4390-1.NASL", "UBUNTU_USN-4391-1.NASL", "UBUNTU_USN-4489-1.NASL", "UBUNTU_USN-4525-1.NASL", "UBUNTU_USN-4527-1.NASL", "UBUNTU_USN-4576-1.NASL", "UBUNTU_USN-4578-1.NASL", "UBUNTU_USN-4579-1.NASL", "UBUNTU_USN-4591-1.NASL", "UBUNTU_USN-4592-1.NASL", "UBUNTU_USN-4657-1.NASL", "UBUNTU_USN-4658-1.NASL", "UBUNTU_USN-4659-1.NASL", "UBUNTU_USN-4660-1.NASL", "UBUNTU_USN-4679-1.NASL", "UBUNTU_USN-4680-1.NASL", "UBUNTU_USN-4681-1.NASL", "UBUNTU_USN-4683-1.NASL", "UBUNTU_USN-4748-1.NASL", "UBUNTU_USN-4749-1.NASL", "UBUNTU_USN-4750-1.NASL", "UBUNTU_USN-4751-1.NASL", "UBUNTU_USN-4752-1.NASL", "UBUNTU_USN-4912-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704698", "OPENVAS:1361412562310704699", "OPENVAS:1361412562310843951", "OPENVAS:1361412562310843957", "OPENVAS:1361412562310844156", "OPENVAS:1361412562310844159", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310844461", "OPENVAS:1361412562310844462", "OPENVAS:1361412562310844464", "OPENVAS:1361412562310844465", "OPENVAS:1361412562310844466", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310852855", "OPENVAS:1361412562310853121", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310853260", "OPENVAS:1361412562310875404", "OPENVAS:1361412562310875406", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875628", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310875801", "OPENVAS:1361412562310875834", "OPENVAS:1361412562310875946", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876105", "OPENVAS:1361412562310876177", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876423", "OPENVAS:1361412562310876445", "OPENVAS:1361412562310876479", "OPENVAS:1361412562310876510", "OPENVAS:1361412562310876555", "OPENVAS:1361412562310876586", "OPENVAS:1361412562310876621", "OPENVAS:1361412562310876666", "OPENVAS:1361412562310876750", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310876943", "OPENVAS:1361412562310876995", "OPENVAS:1361412562310891731", "OPENVAS:1361412562310891771", "OPENVAS:1361412562310892241", "OPENVAS:1361412562310892242", "OPENVAS:1361412562311220191028", "OPENVAS:1361412562311220191131", "OPENVAS:1361412562311220191234", "OPENVAS:1361412562311220191259", "OPENVAS:1361412562311220191512", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201112", "OPENVAS:1361412562311220201186", "OPENVAS:1361412562311220201592", "OPENVAS:1361412562311220201606", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562311220201698"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4596", "ELSA-2019-4600", "ELSA-2019-4612", "ELSA-2020-4060", "ELSA-2020-4276", "ELSA-2020-4286", "ELSA-2020-4431", "ELSA-2020-4685", "ELSA-2020-5023", "ELSA-2020-5437", "ELSA-2020-5473", "ELSA-2020-5845", "ELSA-2020-5866", "ELSA-2020-5879", "ELSA-2020-5881", "ELSA-2020-5884", "ELSA-2020-5885", "ELSA-2020-5912", "ELSA-2020-5913", "ELSA-2020-5914", "ELSA-2020-5923", "ELSA-2020-5924", "ELSA-2020-5926", "ELSA-2020-5995", "ELSA-2020-5996", "ELSA-2021-0003", "ELSA-2021-0336", "ELSA-2021-0558", "ELSA-2021-0856", "ELSA-2021-1578", "ELSA-2021-2725", "ELSA-2021-4356", "ELSA-2021-9001", "ELSA-2021-9002", "ELSA-2021-9005", "ELSA-2021-9006", "ELSA-2021-9007", "ELSA-2021-9008", "ELSA-2021-9030", "ELSA-2021-9035", "ELSA-2021-9037", "ELSA-2021-9038", "ELSA-2021-9039", "ELSA-2021-9043", "ELSA-2021-9052", "ELSA-2021-9079", "ELSA-2021-9085", "ELSA-2021-9086", "ELSA-2021-9212", "ELSA-2021-9346", "ELSA-2021-9442", "ELSA-2021-9459", "ELSA-2022-5316"]}, {"type": "osv", "idList": ["OSV:ASB-A-174737742", "OSV:ASB-A-174904512", "OSV:ASB-A-175451802", "OSV:ASB-A-175451844", "OSV:DLA-1731-1", "OSV:DLA-1771-1", "OSV:DLA-2241-1", "OSV:DLA-2242-1", "OSV:DLA-2385-1", "OSV:DLA-2417-1", "OSV:DLA-2420-1", "OSV:DLA-2483-1", "OSV:DLA-2494-1", "OSV:DLA-2557-1", "OSV:DLA-2586-1", "OSV:DSA-4698-1", "OSV:DSA-4699-1", "OSV:DSA-4774-1", "OSV:DSA-4843-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160681", "PACKETSTORM:162131"]}, {"type": "photon", "idList": ["PHSA-2019-0026", "PHSA-2019-0128", "PHSA-2019-0175", "PHSA-2019-0212", "PHSA-2019-0250", "PHSA-2019-1.0-0212", "PHSA-2019-3.0-0026", "PHSA-2020-0073", "PHSA-2020-0100", "PHSA-2020-0127", "PHSA-2020-0140", "PHSA-2020-0142", "PHSA-2020-0144", "PHSA-2020-0147", "PHSA-2020-0153", "PHSA-2020-0160", "PHSA-2020-0163", "PHSA-2020-0174", "PHSA-2020-0230", "PHSA-2020-0239", "PHSA-2020-0290", "PHSA-2020-0292", "PHSA-2020-0309", "PHSA-2020-0321", "PHSA-2020-0323", "PHSA-2020-0328", "PHSA-2020-0330", "PHSA-2020-0338", "PHSA-2020-0345", "PHSA-2020-0350", "PHSA-2020-1.0-0309", "PHSA-2020-1.0-0323", "PHSA-2020-1.0-0328", "PHSA-2020-1.0-0330", "PHSA-2020-1.0-0338", "PHSA-2020-1.0-0350", "PHSA-2020-2.0-0282", "PHSA-2020-2.0-0286", "PHSA-2020-2.0-0288", "PHSA-2020-2.0-0295", "PHSA-2020-2.0-0296", "PHSA-2020-3.0-0073", "PHSA-2020-3.0-0100", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0127", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0142", "PHSA-2020-3.0-0144", "PHSA-2020-3.0-0147", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0160", "PHSA-2020-3.0-0163", "PHSA-2020-3.0-0174", "PHSA-2021-0095", "PHSA-2021-0182", "PHSA-2021-0263", "PHSA-2021-0308", "PHSA-2021-2.0-0308", "PHSA-2021-3.0-0182", "PHSA-2021-3.0-0263", "PHSA-2021-4.0-0095"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:C16BBF82FBCDBD2158DDC05C0775BB31"]}, {"type": "redhat", "idList": ["RHSA-2019:2029", "RHSA-2019:2043", "RHSA-2020:2854", "RHSA-2020:4060", "RHSA-2020:4062", "RHSA-2020:4276", "RHSA-2020:4277", "RHSA-2020:4278", "RHSA-2020:4279", "RHSA-2020:4280", "RHSA-2020:4281", "RHSA-2020:4286", "RHSA-2020:4287", "RHSA-2020:4288", "RHSA-2020:4289", "RHSA-2020:4331", "RHSA-2020:4332", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:4685", "RHSA-2020:4686", "RHSA-2020:4990", "RHSA-2020:4991", "RHSA-2020:5199", "RHSA-2020:5364", "RHSA-2020:5437", "RHSA-2020:5441", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0003", "RHSA-2021:0004", "RHSA-2021:0184", "RHSA-2021:0189", "RHSA-2021:0336", "RHSA-2021:0338", "RHSA-2021:0354", "RHSA-2021:0526", "RHSA-2021:0537", "RHSA-2021:0558", "RHSA-2021:0607", "RHSA-2021:0686", "RHSA-2021:0689", "RHSA-2021:0719", "RHSA-2021:0760", "RHSA-2021:0763", "RHSA-2021:0765", "RHSA-2021:0774", "RHSA-2021:0799", "RHSA-2021:0848", "RHSA-2021:0856", "RHSA-2021:0857", "RHSA-2021:0862", "RHSA-2021:0878", "RHSA-2021:0940", "RHSA-2021:1028", "RHSA-2021:1031", "RHSA-2021:1129", "RHSA-2021:1267", "RHSA-2021:1288", "RHSA-2021:1376", "RHSA-2021:1531", "RHSA-2021:1578", "RHSA-2021:1739", "RHSA-2021:2121", "RHSA-2021:2136", "RHSA-2021:2164", "RHSA-2021:2185", "RHSA-2021:2190", "RHSA-2021:2355", "RHSA-2021:2523", "RHSA-2021:2725", "RHSA-2021:2726", "RHSA-2021:3016", "RHSA-2021:3987", "RHSA-2021:4140", "RHSA-2021:4356", "RHSA-2021:4627", "RHSA-2021:5137", "RHSA-2022:5316", "RHSA-2022:5344", "RHSA-2022:5531", "RHSA-2022:5556", "RHSA-2022:5840"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-20934", "RH:CVE-2019-3701", "RH:CVE-2019-9456", "RH:CVE-2019-9458", "RH:CVE-2020-0305", "RH:CVE-2020-0431", "RH:CVE-2020-10773", "RH:CVE-2020-12114", "RH:CVE-2020-12351", "RH:CVE-2020-12352", "RH:CVE-2020-14305", "RH:CVE-2020-14314", "RH:CVE-2020-14351", "RH:CVE-2020-14386", "RH:CVE-2020-15436", "RH:CVE-2020-15437", "RH:CVE-2020-25211", "RH:CVE-2020-25212", "RH:CVE-2020-25284", "RH:CVE-2020-25285", "RH:CVE-2020-25643", "RH:CVE-2020-25645", "RH:CVE-2020-25662", "RH:CVE-2020-28915", "RH:CVE-2020-28974", "RH:CVE-2020-29370", "RH:CVE-2020-29371", "RH:CVE-2020-29660", "RH:CVE-2020-29661"]}, {"type": "rocky", "idList": ["RLSA-2022:5316", "RLSA-2022:5344"]}, {"type": "slackware", "idList": ["SSA-2019-030-01", "SSA-2020-295-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1", "OPENSUSE-SU-2020:0543-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2020:0935-1", "OPENSUSE-SU-2020:1153-1", "OPENSUSE-SU-2020:1236-1", "OPENSUSE-SU-2020:1325-1", "OPENSUSE-SU-2020:1379-1", "OPENSUSE-SU-2020:1382-1", "OPENSUSE-SU-2020:1586-1", "OPENSUSE-SU-2020:1655-1", "OPENSUSE-SU-2020:1682-1", "OPENSUSE-SU-2020:1698-1", "OPENSUSE-SU-2020:1906-1", "OPENSUSE-SU-2020:2034-1", "OPENSUSE-SU-2020:2112-1", "OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0060-1", "OPENSUSE-SU-2021:0075-1", "OPENSUSE-SU-2021:0241-1", "OPENSUSE-SU-2021:0242-1"]}, {"type": "thn", "idList": ["THN:28A0DD53914554D75344C993D91D6B08"]}, {"type": "threatpost", "idList": ["THREATPOST:C408DF21547B7B4327FBAB82B97A4C96", "THREATPOST:CF4E8B0929D149A75E7512A74E569009"]}, {"type": "ubuntu", "idList": ["LSN-0068-1", "LSN-0071-1", "LSN-0072-1", "LSN-0073-1", "LSN-0074-1", "LSN-0082-1", "USN-3932-1", "USN-3932-2", "USN-4115-1", "USN-4115-2", "USN-4118-1", "USN-4387-1", "USN-4388-1", "USN-4389-1", "USN-4390-1", "USN-4391-1", "USN-4392-1", "USN-4489-1", "USN-4525-1", "USN-4527-1", "USN-4576-1", "USN-4578-1", "USN-4579-1", "USN-4591-1", "USN-4592-1", "USN-4657-1", "USN-4658-1", "USN-4658-2", "USN-4659-1", "USN-4659-2", "USN-4660-1", "USN-4660-2", "USN-4679-1", "USN-4680-1", "USN-4681-1", "USN-4683-1", "USN-4748-1", "USN-4749-1", "USN-4750-1", "USN-4751-1", "USN-4752-1", "USN-4912-1", "USN-5130-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-20934", "UB:CVE-2019-3701", "UB:CVE-2019-9456", "UB:CVE-2019-9458", "UB:CVE-2020-0305", "UB:CVE-2020-0431", "UB:CVE-2020-0433", "UB:CVE-2020-10773", "UB:CVE-2020-12114", "UB:CVE-2020-12352", "UB:CVE-2020-14305", "UB:CVE-2020-14314", "UB:CVE-2020-14351", "UB:CVE-2020-14386", "UB:CVE-2020-15436", "UB:CVE-2020-15437", "UB:CVE-2020-25211", "UB:CVE-2020-25212", "UB:CVE-2020-25284", "UB:CVE-2020-25285", "UB:CVE-2020-25643", "UB:CVE-2020-25645", "UB:CVE-2020-25662", "UB:CVE-2020-28915", "UB:CVE-2020-28974", "UB:CVE-2020-29370", "UB:CVE-2020-29371", "UB:CVE-2020-29660", "UB:CVE-2020-29661", "UB:CVE-2021-0448"]}, {"type": "veracode", "idList": ["VERACODE:25427", "VERACODE:26976", "VERACODE:27123", "VERACODE:27240", "VERACODE:27343", "VERACODE:27599", "VERACODE:27608", "VERACODE:27632", "VERACODE:27771", "VERACODE:27802", "VERACODE:27813", "VERACODE:28076", "VERACODE:28080", "VERACODE:28081", "VERACODE:28083", "VERACODE:28085", "VERACODE:28088", "VERACODE:28090", "VERACODE:29416", "VERACODE:30564", "VERACODE:30571", "VERACODE:30573", "VERACODE:30575", "VERACODE:31293", "VERACODE:33108", "VERACODE:36982"]}, {"type": "virtuozzo", "idList": ["VZA-2020-046", "VZA-2020-055", "VZA-2020-056", "VZA-2020-061", "VZA-2020-064", "VZA-2021-006", "VZA-2021-008", "VZA-2021-040"]}, {"type": "zdi", "idList": ["ZDI-20-1372"]}, {"type": "zdt", "idList": ["1337DAY-ID-35569", "1337DAY-ID-36090"]}]}, "score": {"value": 8.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4431", "ALSA-2021:0558"]}, {"type": "amazon", "idList": ["ALAS-2020-1430", "ALAS-2020-1446", "ALAS-2020-1462", "ALAS2-2020-1566"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-04-01", "ANDROID:2021-05-01", "ANDROID:2021-06-01"]}, {"type": "archlinux", "idList": ["ASA-202010-2", "ASA-202010-4", "ASA-202010-9"]}, {"type": "centos", "idList": ["CESA-2019:2029", "CESA-2020:5437"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:63AC599C6730C4293761CECD360AA195", "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "CFOUNDRY:B46933C44EA4E2006B38E3D103AAF55E", "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "CFOUNDRY:C1E34CFCE1CF9390C02BBA0BC55EE894"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632261812", "CLSA-2021:1632261839"]}, {"type": "cve", "idList": ["CVE-2019-20934", "CVE-2019-3701", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25645", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E", "DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DLA-2483-1:37DA1", "DEBIAN:DLA-2494-1:12C95"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-20934", "DEBIANCVE:CVE-2019-3701", "DEBIANCVE:CVE-2019-9456", "DEBIANCVE:CVE-2019-9458", "DEBIANCVE:CVE-2020-0305", "DEBIANCVE:CVE-2020-0431", "DEBIANCVE:CVE-2020-0433", "DEBIANCVE:CVE-2020-10773", "DEBIANCVE:CVE-2020-12114", "DEBIANCVE:CVE-2020-12352", "DEBIANCVE:CVE-2020-14305", "DEBIANCVE:CVE-2020-14314", "DEBIANCVE:CVE-2020-14351", "DEBIANCVE:CVE-2020-14386", "DEBIANCVE:CVE-2020-15436", "DEBIANCVE:CVE-2020-15437", "DEBIANCVE:CVE-2020-25211", "DEBIANCVE:CVE-2020-25212", "DEBIANCVE:CVE-2020-25284", "DEBIANCVE:CVE-2020-25285", "DEBIANCVE:CVE-2020-25643", "DEBIANCVE:CVE-2020-25645", "DEBIANCVE:CVE-2020-28915", "DEBIANCVE:CVE-2020-28974", "DEBIANCVE:CVE-2020-29370", "DEBIANCVE:CVE-2020-29371", "DEBIANCVE:CVE-2020-29660", "DEBIANCVE:CVE-2020-29661"]}, {"type": "exploitdb", "idList": ["EDB-ID:49754"]}, {"type": "f5", "idList": ["F5:K17957133"]}, {"type": "fedora", "idList": ["FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:14FCA30C8E50", "FEDORA:1CAC0608E6F2", "FEDORA:1F1BC30987DA", "FEDORA:20DCB60779B2", "FEDORA:22D77604972B", "FEDORA:2836F613193B", "FEDORA:296826040AED", "FEDORA:3266960F0E44", "FEDORA:3C394606D98F", "FEDORA:41B546014626", "FEDORA:4CEF5610D7CA", "FEDORA:4CF35608BFEA", "FEDORA:4D5AD601FDAC", "FEDORA:4F30C30A9F1B", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:52A7630CF28D", "FEDORA:5956060491DC", "FEDORA:5A4D662AE22C", "FEDORA:5B68260A5858", "FEDORA:690DE6022BA8", "FEDORA:6B66A6047312", "FEDORA:6B6B360567FC", "FEDORA:6B92130C7DAE", "FEDORA:6E67663233DB", "FEDORA:79EAC605FC25", "FEDORA:824E230A6A04", "FEDORA:85FBF6076011", "FEDORA:89C9C6051B3A", "FEDORA:8FD3E60491BA", "FEDORA:95A686085F81", "FEDORA:98E8F6079A11", "FEDORA:9E3D9606D195", "FEDORA:AAA6460491BA", "FEDORA:AFFEA30BBFB5", "FEDORA:B87B460876BA", "FEDORA:BBFE360460D0", "FEDORA:C49D061F375F", "FEDORA:C4D496071279", "FEDORA:C64AE6007F37", "FEDORA:C6AF860C4240", "FEDORA:D2B426045A04", "FEDORA:D90AA30C47EB", "FEDORA:DBB1B659CBE0", "FEDORA:E251030B5E26", "FEDORA:E37FD60924F1", "FEDORA:E88866014636", "FEDORA:E93AE6077DCD", "FEDORA:EF6BA6045A0C", "FEDORA:F417F60477C5"]}, {"type": "githubexploit", "idList": ["A10132DA-F650-5163-A3F9-DBE973D0187D"]}, {"type": "ibm", "idList": ["36F5A24A0FE05876D471A20F32BE0669E453AF841B04CDD94792F8F80EF7F4D4", "4A13A3496FCF6B846B2A1DE1CDC0810F64A5ABAB123B9000E74EC8183260175D", "8ABFA4E5F7F7D16B993F612C3D1D02C01C8CE6AE7447E041543F609DBD7909DE", "8B24753FF8758BF51E7C6001AC39E0EF90B14323A9756CCEF8AC68E99EF03367", "93800CB903FCF930D2442012C501177682436E51AEBEA85D7632953A9A31B533", "B208854B100603393ABFE63FA8975A55F6379CCD86BE9A76E5EA76BC92BEB365", "B98F811575D2E16065FC8E4C211A8B74BBF4DCEBB02BCE8974D057BDB7A7A3B4", "D93D4935148F7F3B13EA6EFB252FC805F8785D44154C48C5441B79CADDEC8988", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C"]}, {"type": "kitploit", "idList": ["KITPLOIT:8656177976839178440"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2020-25645/", "MSF:ILITIES/ORACLE_LINUX-CVE-2020-10742/", "MSF:ILITIES/UBUNTU-CVE-2020-28588/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1566.NASL", "ALA_ALAS-2020-1446.NASL", "ALA_ALAS-2020-1462.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS_RHSA-2020-5437.NASL", "DEBIAN_DLA-2483.NASL", "DEBIAN_DLA-2494.NASL", "EULEROS_SA-2019-1028.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2020-2549.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1751.NASL", "FEDORA_2019-337484D88B.NASL", "FEDORA_2019-B0F7A7B74B.NASL", "FEDORA_2020-B732958765.NASL", "FEDORA_2020-BC0CC81A7A.NASL", "NEWSTART_CGSL_NS-SA-2020-0041_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0108_KERNEL.NASL", "OPENSUSE-2020-1655.NASL", "OPENSUSE-2020-1901.NASL", "OPENSUSE-2020-1906.NASL", "OPENSUSE-2020-2034.NASL", "OPENSUSE-2020-2112.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "ORACLELINUX_ELSA-2020-5437.NASL", "ORACLELINUX_ELSA-2020-5884.NASL", "ORACLELINUX_ELSA-2020-5885.NASL", "ORACLELINUX_ELSA-2020-5995.NASL", "ORACLELINUX_ELSA-2020-5996.NASL", "ORACLELINUX_ELSA-2021-0003.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-9037.NASL", "ORACLELINUX_ELSA-2021-9038.NASL", "ORACLELINUX_ELSA-2021-9212.NASL", "ORACLELINUX_ELSA-2021-9459.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2021-0031.NASL", "PHOTONOS_PHSA-2020-1_0-0330_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0338_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0350_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0288_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0295_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0163_LINUX.NASL", "REDHAT-RHSA-2020-2854.NASL", "REDHAT-RHSA-2020-5199.NASL", "REDHAT-RHSA-2020-5437.NASL", "REDHAT-RHSA-2020-5441.NASL", "REDHAT-RHSA-2021-0003.NASL", "REDHAT-RHSA-2021-0004.NASL", "REDHAT-RHSA-2021-1028.NASL", "REDHAT-RHSA-2021-1031.NASL", "REDHAT-RHSA-2021-1267.NASL", "REDHAT-RHSA-2021-1376.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1739.NASL", "REDHAT-RHSA-2021-2164.NASL", "REDHAT-RHSA-2021-2185.NASL", "REDHAT-RHSA-2021-2190.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SL_20201215_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2020-2610-1.NASL", "SUSE_SU-2020-2623-1.NASL", "SUSE_SU-2020-2631-1.NASL", "SUSE_SU-2020-2879-1.NASL", "SUSE_SU-2020-2904-1.NASL", "SUSE_SU-2020-2905-1.NASL", "SUSE_SU-2020-2907-1.NASL", "SUSE_SU-2020-2972-1.NASL", "SUSE_SU-2020-2980-1.NASL", "SUSE_SU-2020-2981-1.NASL", "SUSE_SU-2020-3014-1.NASL", "SUSE_SU-2020-3122-1.NASL", "SUSE_SU-2020-3219-1.NASL", "SUSE_SU-2020-3225-1.NASL", "SUSE_SU-2020-3230-1.NASL", "SUSE_SU-2020-3272-1.NASL", "SUSE_SU-2020-3281-1.NASL", "SUSE_SU-2020-3326-1.NASL", "SUSE_SU-2020-3433-1.NASL", "SUSE_SU-2020-3501-1.NASL", "SUSE_SU-2020-3503-1.NASL", "SUSE_SU-2020-3513-1.NASL", "SUSE_SU-2020-3522-1.NASL", "SUSE_SU-2020-3532-1.NASL", "SUSE_SU-2020-3544-1.NASL", "SUSE_SU-2020-3648-1.NASL", "SUSE_SU-2020-3656-1.NASL", "SUSE_SU-2020-3715-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-1074-1.NASL", "SUSE_SU-2021-1175-1.NASL", "SUSE_SU-2021-1210-1.NASL", "SUSE_SU-2021-1617-1.NASL", "SUSE_SU-2021-1623-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "UBUNTU_USN-4576-1.NASL", "UBUNTU_USN-4578-1.NASL", "UBUNTU_USN-4579-1.NASL", "UBUNTU_USN-4657-1.NASL", "UBUNTU_USN-4658-1.NASL", "UBUNTU_USN-4659-1.NASL", "UBUNTU_USN-4660-1.NASL", "UBUNTU_USN-4912-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843951", "OPENVAS:1361412562310843957", "OPENVAS:1361412562310844174", "OPENVAS:1361412562310852705", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310875404", "OPENVAS:1361412562310875406", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875628", "OPENVAS:1361412562310875629", "OPENVAS:1361412562310875681", "OPENVAS:1361412562310875786", "OPENVAS:1361412562310875801", "OPENVAS:1361412562310875834", "OPENVAS:1361412562310875946", "OPENVAS:1361412562310876049", "OPENVAS:1361412562310876105", "OPENVAS:1361412562310876177", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876361", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876869", "OPENVAS:1361412562310891731", "OPENVAS:1361412562310891771"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4596", "ELSA-2019-4600", "ELSA-2019-4612", "ELSA-2020-5437", "ELSA-2020-5473", "ELSA-2020-5885", "ELSA-2020-5995", "ELSA-2021-0003", "ELSA-2021-1578", "ELSA-2021-9212", "ELSA-2021-9442", "ELSA-2021-9459"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160681", "PACKETSTORM:162131"]}, {"type": "photon", "idList": ["PHSA-2019-0212", "PHSA-2019-1.0-0212", "PHSA-2020-1.0-0309", "PHSA-2020-1.0-0323", "PHSA-2020-1.0-0328", "PHSA-2020-1.0-0338", "PHSA-2020-1.0-0350", "PHSA-2020-2.0-0282", "PHSA-2020-2.0-0286", "PHSA-2020-2.0-0295", "PHSA-2020-2.0-0296", "PHSA-2020-3.0-0127", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0142", "PHSA-2020-3.0-0144", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0160", "PHSA-2020-3.0-0163", "PHSA-2020-3.0-0174", "PHSA-2021-2.0-0308", "PHSA-2021-3.0-0182"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:C16BBF82FBCDBD2158DDC05C0775BB31"]}, {"type": "redhat", "idList": ["RHSA-2020:5437", "RHSA-2021:0003", "RHSA-2021:0004", "RHSA-2021:0686"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-0431", "RH:CVE-2020-12351", "RH:CVE-2020-12352", "RH:CVE-2020-14351", "RH:CVE-2020-25284", "RH:CVE-2020-25643", "RH:CVE-2020-25662", "RH:CVE-2020-28915", "RH:CVE-2020-28974", "RH:CVE-2020-29660", "RH:CVE-2020-29661"]}, {"type": "slackware", "idList": ["SSA-2019-030-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2173-1", "OPENSUSE-SU-2019:2181-1"]}, {"type": "thn", "idList": ["THN:28A0DD53914554D75344C993D91D6B08"]}, {"type": "threatpost", "idList": ["THREATPOST:CF4E8B0929D149A75E7512A74E569009"]}, {"type": "ubuntu", "idList": ["USN-3932-1", "USN-3932-2", "USN-4115-2", "USN-4576-1", "USN-4578-1", "USN-4579-1", "USN-4657-1", "USN-4658-1", "USN-4658-2", "USN-4659-1", "USN-4659-2", "USN-4660-1", "USN-4660-2", "USN-4679-1", "USN-4680-1", "USN-4681-1", "USN-4683-1", "USN-4912-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-20934", "UB:CVE-2019-9456", "UB:CVE-2019-9458", "UB:CVE-2020-0305", "UB:CVE-2020-0431", "UB:CVE-2020-0433", "UB:CVE-2020-10773", "UB:CVE-2020-12114", "UB:CVE-2020-12352", "UB:CVE-2020-14305", "UB:CVE-2020-14314", "UB:CVE-2020-14351", "UB:CVE-2020-14386", "UB:CVE-2020-15436", "UB:CVE-2020-15437", "UB:CVE-2020-25211", "UB:CVE-2020-25212", "UB:CVE-2020-25284", "UB:CVE-2020-25285", "UB:CVE-2020-25643", "UB:CVE-2020-25645", "UB:CVE-2020-28915", "UB:CVE-2020-28974", "UB:CVE-2020-29370", "UB:CVE-2020-29371", "UB:CVE-2020-29660"]}, {"type": "virtuozzo", "idList": ["VZA-2020-046"]}, {"type": "zdi", "idList": ["ZDI-20-1372"]}, {"type": "zdt", "idList": ["1337DAY-ID-35569", "1337DAY-ID-36090"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-20934", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2019-3701", "epss": 0.00074, "percentile": 0.30171, "modified": "2023-05-07"}, {"cve": "CVE-2019-9456", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2019-9458", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-0305", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-0431", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-0433", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-10773", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-12114", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-07"}, {"cve": "CVE-2020-12352", "epss": 0.00154, "percentile": 0.50249, "modified": "2023-05-07"}, {"cve": "CVE-2020-14305", "epss": 0.02071, "percentile": 0.87363, "modified": "2023-05-07"}, {"cve": "CVE-2020-14314", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-14351", "epss": 0.00092, "percentile": 0.37989, "modified": "2023-05-07"}, {"cve": "CVE-2020-14386", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}, {"cve": "CVE-2020-15436", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-15437", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-25211", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-25212", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-25284", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-25285", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-25643", "epss": 0.00129, "percentile": 0.46241, "modified": "2023-05-07"}, {"cve": "CVE-2020-25645", "epss": 0.00429, "percentile": 0.70687, "modified": "2023-05-07"}, {"cve": "CVE-2020-28915", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-28974", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2020-29370", "epss": 0.0008, "percentile": 0.32762, "modified": "2023-05-07"}, {"cve": "CVE-2020-29371", "epss": 0.00062, "percentile": 0.24438, "modified": "2023-05-07"}, {"cve": "CVE-2020-29660", "epss": 0.00064, "percentile": 0.25984, "modified": "2023-05-07"}, {"cve": "CVE-2020-29661", "epss": 0.00046, "percentile": 0.12753, "modified": "2023-05-07"}], "vulnersScore": 8.9}, "_state": {"dependencies": 1685296624, "score": 1685283403, "epss": 0}, "_internal": {"score_hash": "529bf686b880db86993b070702e43d0c"}, "pluginID": "145201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145201);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2019-3701\",\n \"CVE-2019-9456\",\n \"CVE-2019-9458\",\n \"CVE-2020-0305\",\n \"CVE-2020-0431\",\n \"CVE-2020-0433\",\n \"CVE-2020-10773\",\n \"CVE-2020-12114\",\n \"CVE-2020-12352\",\n \"CVE-2020-14305\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14386\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - In the Android kernel in the video driver there is a\n use after free due to a race condition. This could lead\n to local escalation of privilege with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.(CVE-2019-9458)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - An issue was discovered in can_can_gw_rcv in\n net/can/gw.c in the Linux kernel through 4.19.13. The\n CAN frame modification rules allow bitwise logical\n operations that can be also applied to the can_dlc\n field. The privileged user 'root' with CAP_NET_ADMIN\n can create a CAN frame modification rule that makes the\n data length code a higher value than the available CAN\n frame data size. In combination with a configured\n checksum calculation where the result is stored\n relatively to the end of the data (e.g.\n cgw_csum_xor_rel) the tail of the skb (e.g. frag_list\n pointer in skb_shared_info) can be rewritten which\n finally can cause a system crash. Because of a missing\n check, the CAN drivers may write arbitrary content\n beyond the data registers in the CAN controller's I/O\n memory when processing can-gw manipulated outgoing\n frames.(CVE-2019-3701)\n\n - In the Android kernel in Pixel C USB monitor driver\n there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege\n with System execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9456)\n\n - A pivot_root race condition in fs/ namespace.c in the\n Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before\n 4.19.119, and 5.x before 5.3 allows local users to\n cause a denial of service (panic) by corrupting a\n mountpoint reference counter.(CVE-2020-12114)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is\n a possible use after free due to improper locking. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\n - In the Linux kernel through 5.8.7, local attackers able\n to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering\n use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/ netfilter/\n nf_conntrack_netlink.c, aka\n CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - A memory out-of-bounds read flaw was found in the Linux\n kernel before 5.9-rc2 with the ext3/ext4 file system,\n in the way it accesses a directory with broken\n indexing. This flaw allows a local user to crash the\n system if the directory exists. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in\n the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which\n could be leveraged by local attackers to map or unmap\n rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1079\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83f9eb52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h296\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h296\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h296\",\n \"kernel-devel-3.10.0-514.44.5.10.h296\",\n \"kernel-headers-3.10.0-514.44.5.10.h296\",\n \"kernel-tools-3.10.0-514.44.5.10.h296\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h296\",\n \"perf-3.10.0-514.44.5.10.h296\",\n \"python-perf-3.10.0-514.44.5.10.h296\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "solution": "Update the affected kernel packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 8.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C"}, "vendor_cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2021-01-18T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-18T15:25:07", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2019-9456", "CVE-2020-0305", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25656", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/146701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146701);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2019-9456\",\n \"CVE-2020-0305\",\n \"CVE-2020-10773\",\n \"CVE-2020-12114\",\n \"CVE-2020-12352\",\n \"CVE-2020-14305\",\n \"CVE-2020-14351\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25656\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - In the Android kernel in Pixel C USB monitor driver\n there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege\n with System execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9456)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - A pivot_root race condition in fs/namespace.c in the\n Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before\n 4.19.119, and 5.x before 5.3 allows local users to\n cause a denial of service (panic) by corrupting a\n mountpoint reference counter.(CVE-2020-12114)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1311\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a5285fd5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h255\",\n \"kernel-debug-3.10.0-327.62.59.83.h255\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h255\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h255\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h255\",\n \"kernel-devel-3.10.0-327.62.59.83.h255\",\n \"kernel-headers-3.10.0-327.62.59.83.h255\",\n \"kernel-tools-3.10.0-327.62.59.83.h255\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h255\",\n \"perf-3.10.0-327.62.59.83.h255\",\n \"python-perf-3.10.0-327.62.59.83.h255\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:03", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4660-1 advisory.\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-28915", "CVE-2020-4788"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1091-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge"], "id": "UBUNTU_USN-4660-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143445", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4660-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143445);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-4788\",\n \"CVE-2020-14351\",\n \"CVE-2020-14390\",\n \"CVE-2020-25211\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-28915\"\n );\n script_xref(name:\"USN\", value:\"4660-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4660-1 advisory.\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4660-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1074-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1079-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1091-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-126-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-4788', 'CVE-2020-14351', 'CVE-2020-14390', 'CVE-2020-25211', 'CVE-2020-25284', 'CVE-2020-25285', 'CVE-2020-25641', 'CVE-2020-25643', 'CVE-2020-25645', 'CVE-2020-28915');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4660-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1059-oracle', 'pkgver': '4.15.0-1059.65~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1088-aws', 'pkgver': '4.15.0-1088.93~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1088-gcp', 'pkgver': '4.15.0-1088.101~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1100-azure', 'pkgver': '4.15.0-1100.111~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-126-generic', 'pkgver': '4.15.0-126.129~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-126-generic-lpae', 'pkgver': '4.15.0-126.129~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-126-lowlatency', 'pkgver': '4.15.0-126.129~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws-hwe', 'pkgver': '4.15.0.1088.82'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure', 'pkgver': '4.15.0.1100.93'},\n {'osver': '16.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '4.15.0.1100.93'},\n {'osver': '16.04', 'pkgname': 'linux-image-gcp', 'pkgver': '4.15.0.1088.89'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.126.125'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.126.125'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.126.125'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.126.125'},\n {'osver': '16.04', 'pkgname': 'linux-image-gke', 'pkgver': '4.15.0.1088.89'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.126.125'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.126.125'},\n {'osver': '16.04', 'pkgname': 'linux-image-oem', 'pkgver': '4.15.0.126.125'},\n {'osver': '16.04', 'pkgname': 'linux-image-oracle', 'pkgver': '4.15.0.1059.48'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.126.125'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.126.125'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1059-oracle', 'pkgver': '4.15.0-1059.65'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1074-gke', 'pkgver': '4.15.0-1074.79'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1074-raspi2', 'pkgver': '4.15.0-1074.79'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1079-kvm', 'pkgver': '4.15.0-1079.81'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1088-aws', 'pkgver': '4.15.0-1088.93'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1088-gcp', 'pkgver': '4.15.0-1088.101'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1091-snapdragon', 'pkgver': '4.15.0-1091.100'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1100-azure', 'pkgver': '4.15.0-1100.111'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1103-oem', 'pkgver': '4.15.0-1103.114'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-126-generic', 'pkgver': '4.15.0-126.129'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-126-generic-lpae', 'pkgver': '4.15.0-126.129'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-126-lowlatency', 'pkgver': '4.15.0-126.129'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-lts-18.04', 'pkgver': '4.15.0.1088.90'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-lts-18.04', 'pkgver': '4.15.0.1100.73'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-lts-18.04', 'pkgver': '4.15.0.1088.106'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke', 'pkgver': '4.15.0.1074.78'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-4.15', 'pkgver': '4.15.0.1074.78'},\n {'osver': '18.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.15.0.1079.75'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '4.15.0.1103.107'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-lts-18.04', 'pkgver': '4.15.0.1059.69'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '4.15.0.1074.71'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon', 'pkgver': '4.15.0.1091.94'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.126.113'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.126.113'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.15.0-1059-oracle / linux-image-4.15.0-1074-gke / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:13", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3718-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3718-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3718-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143633);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3718-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203718-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8809a5f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3718=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3718=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.75.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.75.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:24:49", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452..(CVE-2020-25212)A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14385)In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel(CVE-2020-0404)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2176.NASL", "href": "https://www.tenable.com/plugins/nessus/141329", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141329);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2176)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A TOCTOU mismatch in the\n NFS client code in the Linux kernel before 5.8.3 could\n be used by local attackers to corrupt memory or\n possibly have unspecified other impact because a size\n check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/\n nfs4xdr.c, aka CID-b4487b935452..(CVE-2020-25212)A flaw\n was found in the Linux kernel before 5.9-rc4. A failure\n of the file system metadata validator in XFS can cause\n an inode with a valid, user-creatable extended\n attribute to be flagged as corrupt. This can lead to\n the filesystem being shutdown, or otherwise rendered\n inaccessible until it is remounted, leading to a denial\n of service. The highest threat from this vulnerability\n is to system availability.(CVE-2020-14385)In\n uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)The rbd block device driver in\n drivers/block/rbd.c in the Linux kernel through 5.8.9\n used incomplete permission checking for access to rbd\n devices, which could be leveraged by local attackers to\n map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)A race condition\n between hugetlb sysctl handlers in mm/hugetlb.c in the\n Linux kernel before 5.8.8 could be used by local\n attackers to corrupt memory, cause a NULL pointer\n dereference, or possibly have unspecified other impact,\n aka CID-17743798d812.(CVE-2020-25285)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)A flaw was found in the\n Linux kernel before 5.9-rc4. Memory corruption can be\n exploited to gain root privileges from unprivileged\n processes. The highest threat from this vulnerability\n is to data confidentiality and\n integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2176\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ba7a261\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.0.h208.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.0.h208.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:25:13", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5884 advisory.\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-14386)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5884)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14314", "CVE-2020-14356", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5884.NASL", "href": "https://www.tenable.com/plugins/nessus/141395", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5884.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141395);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-14314\",\n \"CVE-2020-14356\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5884)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5884 advisory.\n\n - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found\n in the way when reboot the system. A local user could use this flaw to crash the system or escalate their\n privileges on the system. (CVE-2020-14356)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest threat from this vulnerability is to data\n confidentiality and integrity. (CVE-2020-14386)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5884.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2011.7.4.el7uek', '5.4.17-2011.7.4.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5884');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2011.7.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2011.7.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2011.7.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2011.7.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2011.7.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.7.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2011.7.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.7.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2011.7.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2011.7.4.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:16:56", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.(CVE-2020-11668)\n\n - An issue was found in Linux kernel before 5.5.4.\n mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.(CVE-2020-12654)\n\n - A flaw was found in the way the Linux kernel's networking subsystem handled the write queue between TCP disconnection and re-connections. A local attacker could use this flaw to trigger multiple use-after-free conditions potentially escalating their privileges on the system.(CVE-2019-15239)\n\n - A use-after-free flaw was found in the way the Linux kernel's filesystem subsystem handled a race condition in the chrdev_open function. This flaw allows a privileged local user to starve the resources, causing a denial of service or potentially escalating their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-0305)\n\n - A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.(CVE-2020-0427)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.(CVE-2020-25669)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D:\n v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7:\n All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU:\n Version(CVE-2020-25705)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - A flaw was found in the USB monitor driver of the Linux kernel. This flaw allows an attacker with physical access to the system to crash the system or potentially escalate their privileges(CVE-2019-9456)\n\n - A flaw out of bounds write in the Linux kernel human interface devices subsystem was found in the way user calls find key code by index. A local user could use this flaw to crash the system or escalate privileges on the system.(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2021-2140)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15239", "CVE-2019-19078", "CVE-2019-9456", "CVE-2020-0305", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-10773", "CVE-2020-11668", "CVE-2020-12654", "CVE-2020-14331", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-15436", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29661"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2021-2140.NASL", "href": "https://www.tenable.com/plugins/nessus/151419", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151419);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-15239\",\n \"CVE-2019-19078\",\n \"CVE-2019-9456\",\n \"CVE-2020-0305\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-10773\",\n \"CVE-2020-11668\",\n \"CVE-2020-12654\",\n \"CVE-2020-14331\",\n \"CVE-2020-14351\",\n \"CVE-2020-14386\",\n \"CVE-2020-15436\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2021-2140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in\n drivers/net/wireless/ath/ath10k/usb.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-b8d17e7d93d2.(CVE-2019-19078)\n\n - In the Linux kernel before 5.6.1,\n drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink\n camera USB driver) mishandles invalid descriptors, aka\n CID-a246b4d54770.(CVE-2020-11668)\n\n - An issue was found in Linux kernel before 5.5.4.\n mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a\n remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka\n CID-3a9b153c5591.(CVE-2020-12654)\n\n - A flaw was found in the way the Linux kernel's\n networking subsystem handled the write queue between\n TCP disconnection and re-connections. A local attacker\n could use this flaw to trigger multiple use-after-free\n conditions potentially escalating their privileges on\n the system.(CVE-2019-15239)\n\n - A use-after-free flaw was found in the way the Linux\n kernel's filesystem subsystem handled a race condition\n in the chrdev_open function. This flaw allows a\n privileged local user to starve the resources, causing\n a denial of service or potentially escalating their\n privileges. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system\n availability.(CVE-2020-0305)\n\n - A flaw was found in the Linux pinctrl system. It is\n possible to trigger an of bounds read due to a use\n after free. This could lead to local information\n disclosure with no additional execution privileges\n needed.(CVE-2020-0427)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - A flaw was found in the Linux kernel's implementation\n of the invert video code on VGA consoles when a local\n attacker attempts to resize the console, calling an\n ioctl VT_RESIZE, which causes an out-of-bounds write to\n occur. This flaw allows a local user with access to the\n VGA console to crash the system, potentially escalating\n their privileges on the system. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-14331)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - Bodong Zhao discovered a use-after-free in the Sun\n keyboard driver implementation in the Linux kernel. A\n local attacker could use this to cause a denial of\n service or possibly execute arbitrary\n code.(CVE-2020-25669)\n\n - A flaw memory leak in the Linux kernel performance\n monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)\n\n - A flaw in ICMP packets in the Linux kernel may allow an\n attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively\n bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly\n affected as well on the Linux Based Products (RUGGEDCOM\n RM1224: All versions between v5.0 and v6.4, SCALANCE\n M-800: All versions between v5.0 and v6.4, SCALANCE\n S615: All versions between v5.0 and v6.4, SCALANCE\n SC-600: All versions prior to v2.1.3, SCALANCE W1750D:\n v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7:\n All versions, SIMATIC MV500 Family: All versions,\n SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions\n 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU:\n Version(CVE-2020-25705)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - A flaw was found in the USB monitor driver of the Linux\n kernel. This flaw allows an attacker with physical\n access to the system to crash the system or potentially\n escalate their privileges(CVE-2019-9456)\n\n - A flaw out of bounds write in the Linux kernel human\n interface devices subsystem was found in the way user\n calls find key code by index. A local user could use\n this flaw to crash the system or escalate privileges on\n the system.(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2140\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3064040\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_77\",\n \"kernel-devel-3.10.0-862.14.1.6_77\",\n \"kernel-headers-3.10.0-862.14.1.6_77\",\n \"kernel-tools-3.10.0-862.14.1.6_77\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_77\",\n \"perf-3.10.0-862.14.1.6_77\",\n \"python-perf-3.10.0-862.14.1.6_77\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-29T14:26:54", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device.\n With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.(CVE-2020-10781)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10781", "CVE-2020-14314", "CVE-2020-14386", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2549.NASL", "href": "https://www.tenable.com/plugins/nessus/144244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144244);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\n \"CVE-2020-10781\",\n \"CVE-2020-14314\",\n \"CVE-2020-14386\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A flaw was found in the\n Linux Kernel before 5.8-rc6 in the ZRAM kernel module,\n where a user with a local account and the ability to\n read the /sys/class/zram-control/hot_add file can\n create ZRAM device nodes in the /dev/ directory. This\n read allocates kernel memory and is not accounted for a\n user that triggers the creation of that ZRAM device.\n With this vulnerability, continually reading the device\n may consume a large amount of system memory and cause\n the Out-of-Memory (OOM) killer to activate and\n terminate random userspace processes, possibly making\n the system inoperable.(CVE-2020-10781)The rbd block\n device driver in drivers/block/rbd.c in the Linux\n kernel through 5.8.9 used incomplete permission\n checking for access to rbd devices, which could be\n leveraged by local attackers to map or unmap rbd block\n devices, aka CID-f44d04e696fe.(CVE-2020-25284)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)A flaw was found in the\n Linux kernel before 5.9-rc4. Memory corruption can be\n exploited to gain root privileges from unprivileged\n processes. The highest threat from this vulnerability\n is to data confidentiality and\n integrity.(CVE-2020-14386)A race condition between\n hugetlb sysctl handlers in mm/hugetlb.c in the Linux\n kernel before 5.8.8 could be used by local attackers to\n corrupt memory, cause a NULL pointer dereference, or\n possibly have unspecified other impact, aka\n CID-17743798d812.(CVE-2020-25285)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2549\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78c0e5a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h483.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h483.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:31", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.\n\nCVE-2020-12351\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation in the way L2CAP packets with A2MP CID are handled. A remote attacker in short distance knowing the victim's Bluetooth device address can send a malicious l2cap packet and cause a denial of service or possibly arbitrary code execution with kernel privileges.\n\nCVE-2020-12352\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation. Stack memory is not properly initialised when handling certain AMP packets.\nA remote attacker in short distance knowing the victim's Bluetooth device address address can retrieve kernel stack information.\n\nCVE-2020-25211\n\nA flaw was discovered in netfilter subsystem. A local attacker able to inject conntrack Netlink configuration can cause a denial of service.\n\nCVE-2020-25643\n\nChenNan Of Chaitin Security Research Lab discovered a flaw in the hdlc_ppp module. Improper input validation in the ppp_cp_parse_cr() function may lead to memory corruption and information disclosure.\n\nCVE-2020-25645\n\nA flaw was discovered in the interface driver for GENEVE encapsulated traffic when combined with IPsec. If IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, tunneled data isn't correctly routed over the encrypted link and sent unencrypted instead.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.152-1~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-29T00:00:00", "type": "nessus", "title": "Debian DLA-2417-1 : linux-4.19 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12351", "CVE-2020-12352", "CVE-2020-25211", "CVE-2020-25643", "CVE-2020-25645"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "cpe:/o:debian:debian_linux:9.0", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64"], "id": "DEBIAN_DLA-2417.NASL", "href": "https://www.tenable.com/plugins/nessus/142052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2417-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142052);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12351\", \"CVE-2020-12352\", \"CVE-2020-25211\", \"CVE-2020-25643\", \"CVE-2020-25645\");\n\n script_name(english:\"Debian DLA-2417-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2020-12351\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation in the\nway L2CAP packets with A2MP CID are handled. A remote attacker in\nshort distance knowing the victim's Bluetooth device address can send\na malicious l2cap packet and cause a denial of service or possibly\narbitrary code execution with kernel privileges.\n\nCVE-2020-12352\n\nAndy Nguyen discovered a flaw in the Bluetooth implementation. Stack\nmemory is not properly initialised when handling certain AMP packets.\nA remote attacker in short distance knowing the victim's Bluetooth\ndevice address address can retrieve kernel stack information.\n\nCVE-2020-25211\n\nA flaw was discovered in netfilter subsystem. A local attacker able to\ninject conntrack Netlink configuration can cause a denial of service.\n\nCVE-2020-25643\n\nChenNan Of Chaitin Security Research Lab discovered a flaw in the\nhdlc_ppp module. Improper input validation in the ppp_cp_parse_cr()\nfunction may lead to memory corruption and information disclosure.\n\nCVE-2020-25645\n\nA flaw was discovered in the interface driver for GENEVE encapsulated\ntraffic when combined with IPsec. If IPsec is configured to encrypt\ntraffic for the specific UDP port used by the GENEVE tunnel, tunneled\ndata isn't correctly routed over the encrypted link and sent\nunencrypted instead.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.152-1~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.152-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.152-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:23", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.\n\n - CVE-2020-12351 Andy Nguyen discovered a flaw in the Bluetooth implementation in the way L2CAP packets with A2MP CID are handled. A remote attacker in short distance knowing the victim's Bluetooth device address can send a malicious l2cap packet and cause a denial of service or possibly arbitrary code execution with kernel privileges.\n\n - CVE-2020-12352 Andy Nguyen discovered a flaw in the Bluetooth implementation. Stack memory is not properly initialised when handling certain AMP packets. A remote attacker in short distance knowing the victim's Bluetooth device address can retrieve kernel stack information.\n\n - CVE-2020-25211 A flaw was discovered in netfilter subsystem. A local attacker able to inject conntrack Netlink configuration can cause a denial of service.\n\n - CVE-2020-25643 ChenNan Of Chaitin Security Research Lab discovered a flaw in the hdlc_ppp module. Improper input validation in the ppp_cp_parse_cr() function may lead to memory corruption and information disclosure.\n\n - CVE-2020-25645 A flaw was discovered in the interface driver for GENEVE encapsulated traffic when combined with IPsec. If IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, tunneled data isn't correctly routed over the encrypted link and sent unencrypted instead.", "cvss3": {}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Debian DSA-4774-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12351", "CVE-2020-12352", "CVE-2020-25211", "CVE-2020-25643", "CVE-2020-25645"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4774.NASL", "href": "https://www.tenable.com/plugins/nessus/141552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4774. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141552);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-12351\", \"CVE-2020-12352\", \"CVE-2020-25211\", \"CVE-2020-25643\", \"CVE-2020-25645\");\n script_xref(name:\"DSA\", value:\"4774\");\n\n script_name(english:\"Debian DSA-4774-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\n - CVE-2020-12351\n Andy Nguyen discovered a flaw in the Bluetooth\n implementation in the way L2CAP packets with A2MP CID\n are handled. A remote attacker in short distance knowing\n the victim's Bluetooth device address can send a\n malicious l2cap packet and cause a denial of service or\n possibly arbitrary code execution with kernel\n privileges.\n\n - CVE-2020-12352\n Andy Nguyen discovered a flaw in the Bluetooth\n implementation. Stack memory is not properly initialised\n when handling certain AMP packets. A remote attacker in\n short distance knowing the victim's Bluetooth device\n address can retrieve kernel stack information.\n\n - CVE-2020-25211\n A flaw was discovered in netfilter subsystem. A local\n attacker able to inject conntrack Netlink configuration\n can cause a denial of service.\n\n - CVE-2020-25643\n ChenNan Of Chaitin Security Research Lab discovered a\n flaw in the hdlc_ppp module. Improper input validation\n in the ppp_cp_parse_cr() function may lead to memory\n corruption and information disclosure.\n\n - CVE-2020-25645\n A flaw was discovered in the interface driver for GENEVE\n encapsulated traffic when combined with IPsec. If IPsec\n is configured to encrypt traffic for the specific UDP\n port used by the GENEVE tunnel, tunneled data isn't\n correctly routed over the encrypted link and sent\n unencrypted instead.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-12351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-12352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-25211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-25643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-25645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4774\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.19.152-1. The vulnerabilities are fixed by rebasing to\nthe new stable upstream version 4.19.152 which includes additional\nbugfixes.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"affs-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"btrfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cdrom-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"compress-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crc-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-dm-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"crypto-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-extra-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"dasd-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"efi-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"event-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ext4-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fancontrol-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fat-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"firewire-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"fuse-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hyperv-daemons\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"hypervisor-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"i2c-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"input-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ipv6-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"isofs-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jffs2-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"jfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"kernel-image-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"leds-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf-dev\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libbpf4.19\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower-dev\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcpupower1\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep-dev\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"liblockdep4.19\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-arm\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-s390\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-compiler-gcc-8-x86\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-config-4.19\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-cpupower\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-4kc-malta\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-5kc-malta\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-686-pae\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-amd64\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-arm64\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armel\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-armhf\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-i386\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mips64el\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-mipsel\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-ppc64el\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-all-s390x\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-amd64\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-arm64\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-armmp-lpae\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-cloud-amd64\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-common-rt\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-loongson-3\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-marvell\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-octeon\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-powerpc64le\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rpi\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-686-pae\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-amd64\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-arm64\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-rt-armmp\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-headers-4.19.0-5-s390x\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-4kc-malta-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-5kc-malta-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-pae-unsigned\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-686-unsigned\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-amd64-unsigned\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-arm64-unsigned\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-armmp-lpae-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-cloud-amd64-unsigned\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-loongson-3-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-marvell-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-octeon-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-powerpc64le-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rpi-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-686-pae-unsigned\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-amd64-unsigned\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-arm64-unsigned\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-rt-armmp-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-4.19.0-5-s390x-dbg\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-amd64-signed-template\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-arm64-signed-template\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-image-i386-signed-template\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-libc-dev\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-source-4.19\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"linux-support-4.19.0-5\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"lockdep\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"loop-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"md-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"minix-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mmc-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mouse-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"mtd-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"multipath-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nbd-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-shared-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"nic-wireless-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"pata-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ppp-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"rtc-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sata-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-core-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"scsi-nic-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"sound-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"speakup-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"squashfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"udf-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"uinput-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-serial-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usb-storage-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"usbip\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-powerpc64le-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"xfs-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-4kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-5kc-malta-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-armmp-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-loongson-3-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-marvell-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-octeon-di\", reference:\"4.19.152-1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"zlib-modules-4.19.0-5-s390x-di\", reference:\"4.19.152-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:33", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream kernel.(CVE-2020-0404)A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability.(CVE-2020-14390)A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs4proc.c instead of fsfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system availability.(CVE-2020-14385)In the Linux kernel before 5.7.8, fsfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131.\n This occurs because the current umask is not considered.(CVE-2020-24394)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys et/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.(CVE-2019-18805)Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.(CVE-2019-0147)Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.(CVE-2020-0145)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A missing CAP_NET_RAW check in NFC socket creation in net fc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.(CVE-2015-7837)A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)perf: Fix race in perf_mmap_close function.(CVE-2020-14351)An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-24490)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2020-25656)In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807(CVE-2020-0432)A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time and can be inferred by an attacker.(CVE-2019-18282)Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was discovered in the Linux kernel before 5.2.6.\n On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.(CVE-2020-29374)A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7837", "CVE-2019-0145", "CVE-2019-0147", "CVE-2019-18282", "CVE-2019-18805", "CVE-2019-20934", "CVE-2020-0145", "CVE-2020-0404", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-10690", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-14390", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-24490", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25704", "CVE-2020-26088", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29374"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-1039.NASL", "href": "https://www.tenable.com/plugins/nessus/144731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144731);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2015-7837\",\n \"CVE-2019-0145\",\n \"CVE-2019-0147\",\n \"CVE-2019-18282\",\n \"CVE-2019-18805\",\n \"CVE-2019-20934\",\n \"CVE-2020-0404\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-10690\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-14390\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-24490\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25704\",\n \"CVE-2020-26088\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29374\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc. Security Fix(es):In uvc_scan_chain_forward\n of uvc_driver.c, there is a possible linked list\n corruption due to an unusual root cause. This could\n lead to local escalation of privilege in the kernel\n with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream kernel.(CVE-2020-0404)A\n flaw was found in the Linux kernel in versions from\n 2.2.3 through 5.9.rc5. When changing screen size, an\n out-of-bounds memory write can occur leading to memory\n corruption or a denial of service. This highest threat\n from this vulnerability is to system\n availability.(CVE-2020-14390)A TOCTOU mismatch in the\n NFS client code in the Linux kernel before 5.8.3 could\n be used by local attackers to corrupt memory or\n possibly have unspecified other impact because a size\n check is in fs4proc.c instead of fsfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)A flaw was found in\n the Linux kernel before 5.9-rc4. A failure of the file\n system metadata validator in XFS can cause an inode\n with a valid, user-creatable extended attribute to be\n flagged as corrupt. This can lead to the filesystem\n being shutdown, or otherwise rendered inaccessible\n until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14385)In the Linux kernel before\n 5.7.8, fsfsd/vfs.c (in the NFS server) can set\n incorrect permissions on new filesystem objects when\n the filesystem lacks ACL support, aka CID-22cf8419f131.\n This occurs because the current umask is not\n considered.(CVE-2020-24394)The rbd block device driver\n in drivers/block/rbd.c in the Linux kernel through\n 5.8.9 used incomplete permission checking for access to\n rbd devices, which could be leveraged by local\n attackers to map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)An issue was\n discovered in net/ipv4/sysctl_net_ipv4.c in the Linux\n kernel before 5.0.11. There is a net/ipv4/tcp_input.c\n signed integer overflow in tcp_ack_update_rtt() when\n userspace writes a very large integer to /proc/sys\n et/ipv4/tcp_min_rtt_wlen, leading to a denial of\n service or possibly unspecified other impact, aka\n CID-19fad20d15a6.(CVE-2019-18805)Insufficient input\n validation in i40e driver for Intel(R) Ethernet 700\n Series Controllers versions before 7.0 may allow an\n authenticated user to potentially enable a denial of\n service via local access.(CVE-2019-0147)Buffer overflow\n in i40e driver for Intel(R) Ethernet 700 Series\n Controllers versions before 7.0 may allow an\n authenticated user to potentially enable an escalation\n of privilege via local access.(CVE-2020-0145)A race\n condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)A missing CAP_NET_RAW\n check in NFC socket creation in net fc/rawsock.c in the\n Linux kernel before 5.8.2 could be used by local\n attackers to create raw sockets, bypassing security\n mechanisms, aka CID-26896f01467a.(CVE-2020-26088)A flaw\n was found in the HDLC_PPP module of the Linux kernel in\n versions before 5.9-rc7. Memory corruption and a read\n overflow is caused by improper input validation in the\n ppp_cp_parse_cr function which can cause the system to\n crash or cause a denial of service. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-25643)The Linux kernel, as used\n in Red Hat Enterprise Linux 7, kernel-rt, and\n Enterprise MRG 2 and when booted with UEFI Secure Boot\n enabled, allows local users to bypass intended\n securelevel/secureboot restrictions by leveraging\n improper handling of secure_boot flag across kexec\n reboot.(CVE-2015-7837)A flaw was found in the Linux\n kernel's implementation of biovecs in versions before\n 5.9-rc7. A zero-length biovec request issued by the\n block subsystem could cause the kernel to enter an\n infinite loop, causing a denial of service. This flaw\n allows a local attacker with basic privileges to issue\n requests to a block device, resulting in a denial of\n service. The highest threat from this vulnerability is\n to system availability.(CVE-2020-25641)A flaw was found\n in the Linux kernel before 5.9-rc4. Memory corruption\n can be exploited to gain root privileges from\n unprivileged processes. The highest threat from this\n vulnerability is to data confidentiality and\n integrity.(CVE-2020-14386)A flaw was found in the Linux\n kernel in versions before 5.9-rc7. Traffic between two\n Geneve endpoints may be unencrypted when IPsec is\n configured to encrypt traffic for the specific UDP port\n used by the GENEVE tunnel allowing anyone between the\n two endpoints to read the traffic unencrypted. The main\n threat from this vulnerability is to data\n confidentiality.(CVE-2020-25645)perf: Fix race in\n perf_mmap_close function.(CVE-2020-14351)An information\n leak flaw was found in the way the Linux kernel's\n Bluetooth stack implementation handled initialization\n of stack memory when handling certain AMP packets. A\n remote attacker in adjacent range could use this flaw\n to leak small portions of stack memory on the system by\n sending a specially crafted AMP packets. The highest\n threat from this vulnerability is to data\n confidentiality.(CVE-2020-12352)A flaw was found in the\n way the Linux kernel Bluetooth implementation handled\n L2CAP packets with A2MP CID. A remote attacker in\n adjacent range could use this flaw to crash the system\n causing denial of service or potentially execute\n arbitrary code on the system by sending a specially\n crafted L2CAP packet. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-12351)A heap\n buffer overflow flaw was found in the way the Linux\n kernel's Bluetooth implementation processed extended\n advertising report events. This flaw allows a remote\n attacker in an adjacent range to crash the system,\n causing a denial of service or to potentially execute\n arbitrary code on the system by sending a specially\n crafted Bluetooth packet. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-24490)** RESERVED **\n This candidate has been reserved by an organization or\n individual that will use it when announcing a new\n security problem. When the candidate has been\n publicized, the details for this candidate will be\n provided.(CVE-2020-25656)In skb_to_mamac of\n networking.c, there is a possible out of bounds write\n due to an integer overflow. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-143560807(CVE-2020-0432)A\n slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)A\n flaw memory leak in the Linux kernel performance\n monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)A buffer over-read (at the\n framebuffer layer) in the fbcon code in the Linux\n kernel before 5.8.15 could be used by local attackers\n to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)There is a\n use-after-free problem seen due to a race condition\n between the release of ptp_clock and cdev while\n resource deallocation. When a (high privileged) process\n allocates a ptp device file (like /dev/ptpX) and\n voluntarily goes to sleep. During this time if the\n underlying device is removed, it can cause an\n exploitable condition as the process wakes up to\n terminate and clean all attached files. The system\n crashes due to the cdev structure being invalid (as\n already freed) which is pointed to by the\n inode.(CVE-2020-10690)A device tracking vulnerability\n was found in the flow_dissector feature in the Linux\n kernel. This flaw occurs because the auto flowlabel of\n the UDP IPv6 packet relies on a 32-bit hashmd value as\n a secret, and jhash (instead of siphash) is used. The\n hashmd value remains the same starting from boot time\n and can be inferred by an\n attacker.(CVE-2019-18282)Use-after-free vulnerability\n in fs/block_dev.c in the Linux kernel before 5.8 allows\n local users to gain privileges or cause a denial of\n service by leveraging improper access to a certain\n error field.(CVE-2020-15436)The Linux kernel before\n version 5.8 is vulnerable to a NULL pointer dereference\n in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)An issue was discovered\n in kmem_cache_alloc_bulk in mm/slub.c in the Linux\n kernel before 5.5.11. The slowpath lacks the required\n TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An\n issue was discovered in the Linux kernel before 5.2.6.\n On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)An issue was\n discovered in romfs_dev_read in fs/romfs/storage.c in\n the Linux kernel before 5.8.4. Uninitialized memory\n leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)An issue was\n discovered in the Linux kernel before 5.7.3, related to\n mm/gup.c and mm/huge_memory.c. The get_user_pages (aka\n gup) implementation, when used for a copy-on-write\n page, does not properly consider the semantics of read\n operations and therefore can grant unintended write\n access, aka CID-17839856fd58.(CVE-2020-29374)A flaw was\n found in the way RTAS handled memory accesses in\n userspace to kernel communication. On a locked down\n (usually due to Secure Boot) guest system running on\n top of PowerVM or KVM hypervisors (pseries platform) a\n root like local user could use this flaw to further\n increase their privileges to that of a running\n kernel.(CVE-2020-27777)In kbd_keycode of keyboard.c,\n there is a possible out of bounds write due to a\n missing bounds check. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1039\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92f0c0ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h906\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:09", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4657-1 advisory.\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. (CVE-2020-10135)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. (CVE-2020-12352)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0427", "CVE-2020-10135", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25284", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-28915", "CVE-2020-4788"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1082-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1084-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1118-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1142-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1146-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-197-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-197-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-197-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial"], "id": "UBUNTU_USN-4657-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143433", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4657-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143433);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-0427\",\n \"CVE-2020-4788\",\n \"CVE-2020-10135\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-14390\",\n \"CVE-2020-25211\",\n \"CVE-2020-25284\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25705\",\n \"CVE-2020-28915\"\n );\n script_xref(name:\"USN\", value:\"4657-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4657-1 advisory.\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2\n and earlier may allow an unauthenticated user to complete authentication without pairing credentials via\n adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or\n slave to pair with a previously paired remote device to successfully complete the authentication procedure\n without knowing the link key. (CVE-2020-10135)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2020-12352)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4657-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1082-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1084-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1118-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1142-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1146-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-197-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-197-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-197-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-0427', 'CVE-2020-4788', 'CVE-2020-10135', 'CVE-2020-12352', 'CVE-2020-14351', 'CVE-2020-14390', 'CVE-2020-25211', 'CVE-2020-25284', 'CVE-2020-25643', 'CVE-2020-25645', 'CVE-2020-25705', 'CVE-2020-28915');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4657-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1084-kvm', 'pkgver': '4.4.0-1084.93'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1118-aws', 'pkgver': '4.4.0-1118.132'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1142-raspi2', 'pkgver': '4.4.0-1142.152'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-1146-snapdragon', 'pkgver': '4.4.0-1146.156'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-197-generic', 'pkgver': '4.4.0-197.229'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-197-generic-lpae', 'pkgver': '4.4.0-197.229'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-197-lowlatency', 'pkgver': '4.4.0-197.229'},\n {'osver': '16.04', 'pkgname': 'linux-image-aws', 'pkgver': '4.4.0.1118.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-utopic', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-vivid', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-wily', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-xenial', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-utopic', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-vivid', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-wily', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-xenial', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-kvm', 'pkgver': '4.4.0.1084.82'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-utopic', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-vivid', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-wily', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-xenial', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '4.4.0.1142.142'},\n {'osver': '16.04', 'pkgname': 'linux-image-snapdragon', 'pkgver': '4.4.0.1146.138'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-utopic', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-vivid', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-wily', 'pkgver': '4.4.0.197.203'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-xenial', 'pkgver': '4.4.0.197.203'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.4.0-1084-kvm / linux-image-4.4.0-1118-aws / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:04:09", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-140550171(CVE-2020-0427)\n\n - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel(CVE-2020-0404)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1200)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5967", "CVE-2020-0305", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0433", "CVE-2020-10773", "CVE-2020-12352", "CVE-2020-14351", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-2732"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1200.NASL", "href": "https://www.tenable.com/plugins/nessus/146181", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146181);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2017-5967\",\n \"CVE-2020-0305\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0433\",\n \"CVE-2020-2732\",\n \"CVE-2020-10773\",\n \"CVE-2020-12352\",\n \"CVE-2020-14351\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1200)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - The time subsystem in the Linux kernel through 4.9.9,\n when CONFIG_TIMER_STATS is enabled, allows local users\n to discover real PID values (as distinguished from PID\n values inside a PID namespace) by reading the\n /proc/timer_list file, related to the print_timer\n function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in\n kernel/time/timer.c.(CVE-2017-5967)\n\n - A flaw in the way reply ICMP packets are limited in the\n Linux kernel functionality was found that allows to\n quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this\n issue.(CVE-2020-25705)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - In create_pinctrl of core.c, there is a possible out of\n bounds read due to a use after free. This could lead to\n local information disclosure with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-140550171(CVE-2020-0427)\n\n - A flaw was discovered in the way that the KVM\n hypervisor handled instruction emulation for an L2\n guest when nested virtualisation is enabled. Under some\n circumstances, an L2 guest may trick the L0 guest into\n accessing sensitive L1 resources that should be\n inaccessible to the L2 guest.(CVE-2020-2732)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is\n a possible use after free due to improper locking. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1200\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ac6252fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h494.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h494.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:36", "description": "The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3798-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144259", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3798-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144259);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-20934\", \"CVE-2020-15436\", \"CVE-2020-15437\", \"CVE-2020-25669\", \"CVE-2020-27777\", \"CVE-2020-27786\", \"CVE-2020-28915\", \"CVE-2020-28974\", \"CVE-2020-29371\", \"CVE-2020-4788\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20934/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27777/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27786/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29371/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-4788/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203798-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84d49865\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3798=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T15:36:18", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.(CVE-2019-0147)A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system availability.(CVE-2020-14385)In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream kernel(CVE-2020-0404)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.\n The highest threat from this vulnerability is to system availability.(CVE-2020-14314)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0147", "CVE-2020-0404", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2166.NASL", "href": "https://www.tenable.com/plugins/nessus/141332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141332);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\n \"CVE-2019-0147\",\n \"CVE-2020-0404\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2166)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A race condition between\n hugetlb sysctl handlers in mm/hugetlb.c in the Linux\n kernel before 5.8.8 could be used by local attackers to\n corrupt memory, cause a NULL pointer dereference, or\n possibly have unspecified other impact, aka\n CID-17743798d812.(CVE-2020-25285)A flaw was found in\n the Linux kernel before 5.9-rc4. Memory corruption can\n be exploited to gain root privileges from unprivileged\n processes. The highest threat from this vulnerability\n is to data confidentiality and\n integrity.(CVE-2020-14386)Insufficient input validation\n in i40e driver for Intel(R) Ethernet 700 Series\n Controllers versions before 7.0 may allow an\n authenticated user to potentially enable a denial of\n service via local access.(CVE-2019-0147)A TOCTOU\n mismatch in the NFS client code in the Linux kernel\n before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)A flaw was found in\n the Linux kernel before 5.9-rc4. A failure of the file\n system metadata validator in XFS can cause an inode\n with a valid, user-creatable extended attribute to be\n flagged as corrupt. This can lead to the filesystem\n being shutdown, or otherwise rendered inaccessible\n until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14385)In uvc_scan_chain_forward\n of uvc_driver.c, there is a possible linked list\n corruption due to an unusual root cause. This could\n lead to local escalation of privilege in the kernel\n with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream\n kernel(CVE-2020-0404)The rbd block device driver in\n drivers/block/rbd.c in the Linux kernel through 5.8.9\n used incomplete permission checking for access to rbd\n devices, which could be leveraged by local attackers to\n map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)A memory out-of-bounds\n read flaw was found in the Linux kernel before 5.9-rc2\n with the ext3/ext4 file system, in the way it accesses\n a directory with broken indexing. This flaw allows a\n local user to crash the system if the directory exists.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14314)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2166\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af285e64\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2009.2.0.h269.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:06:24", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4752-1 advisory.\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. (CVE-2020-10135)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. (CVE-2020-24490)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. (CVE-2020-25704)\n\n - An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. (CVE-2020-27152)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. (CVE-2020-29369)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. (CVE-2020-29371)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10135", "CVE-2020-14314", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-24490", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25704", "CVE-2020-27152", "CVE-2020-27815", "CVE-2020-28588", "CVE-2020-28915", "CVE-2020-29368", "CVE-2020-29369", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-35508"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1048-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04"], "id": "UBUNTU_USN-4752-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147982", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4752-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147982);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-10135\",\n \"CVE-2020-14314\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-24490\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25704\",\n \"CVE-2020-27152\",\n \"CVE-2020-27815\",\n \"CVE-2020-28588\",\n \"CVE-2020-28915\",\n \"CVE-2020-29368\",\n \"CVE-2020-29369\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-35508\"\n );\n script_xref(name:\"USN\", value:\"4752-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4752-1 advisory.\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2\n and earlier may allow an unauthenticated user to complete authentication without pairing credentials via\n adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or\n slave to pair with a previously paired remote device to successfully complete the authentication procedure\n without knowing the link key. (CVE-2020-10135)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial\n of service by using the p->serial_in pointer which uninitialized. (CVE-2020-15437)\n\n - Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of\n service via adjacent access. This affects all Linux kernel versions that support BlueZ. (CVE-2020-24490)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of\n service. (CVE-2020-25704)\n\n - An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before\n 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering,\n aka CID-77377064c3a9. (CVE-2020-27152)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The\n copy-on-write implementation can grant unintended write access because of a race condition in a THP\n mapcount check, aka CID-c444eb564fb1. (CVE-2020-29368)\n\n - An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between\n certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an\n munmap call, aka CID-246c320a8cfe. (CVE-2020-29369)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. (CVE-2020-29371)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4752-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected linux-image-5.6.0-1048-oem and / or linux-image-oem-20.04 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.6.0-1048-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-10135', 'CVE-2020-14314', 'CVE-2020-15436', 'CVE-2020-15437', 'CVE-2020-24490', 'CVE-2020-25212', 'CVE-2020-25284', 'CVE-2020-25641', 'CVE-2020-25643', 'CVE-2020-25704', 'CVE-2020-27152', 'CVE-2020-27815', 'CVE-2020-28588', 'CVE-2020-28915', 'CVE-2020-29368', 'CVE-2020-29369', 'CVE-2020-29371', 'CVE-2020-29660', 'CVE-2020-29661', 'CVE-2020-35508');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4752-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '20.04', 'pkgname': 'linux-image-5.6.0-1048-oem', 'pkgver': '5.6.0-1048.52'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.6.0.1048.44'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.6.0-1048-oem / linux-image-oem-20.04');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:14", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)\n\n - To mitigate this issue, prevent the module nouveau from being loaded. Please see <a href='https://access.redhat.com/solutions/41278'>https:\n //access.redhat.com/solutions/41278</a> for information on how to blacklist a kernel module to prevent it from loading automatically.(CVE-2020-27820)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-1454)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0305", "CVE-2020-12352", "CVE-2020-14331", "CVE-2020-14351", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-27820"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-debuginfo", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:perf-debuginfo", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python-perf-debuginfo", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-1454.NASL", "href": "https://www.tenable.com/plugins/nessus/147559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147559);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-0305\",\n \"CVE-2020-12352\",\n \"CVE-2020-14331\",\n \"CVE-2020-14351\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25705\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-1454)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the Linux kernel's implementation\n of the invert video code on VGA consoles when a local\n attacker attempts to resize the console, calling an\n ioctl VT_RESIZE, which causes an out-of-bounds write to\n occur. This flaw allows a local user with access to the\n VGA console to crash the system, potentially escalating\n their privileges on the system. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-14331)\n\n - To mitigate this issue, prevent the module nouveau from\n being loaded. Please see <a\n href='https://access.redhat.com/solutions/41278'>https:\n //access.redhat.com/solutions/41278</a> for information\n on how to blacklist a kernel module to prevent it from\n loading automatically.(CVE-2020-27820)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1454\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f469041\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_122\",\n \"kernel-debuginfo-3.10.0-862.14.1.6_122\",\n \"kernel-debuginfo-common-x86_64-3.10.0-862.14.1.6_122\",\n \"kernel-devel-3.10.0-862.14.1.6_122\",\n \"kernel-headers-3.10.0-862.14.1.6_122\",\n \"kernel-source-3.10.0-862.14.1.6_122\",\n \"kernel-tools-3.10.0-862.14.1.6_122\",\n \"kernel-tools-debuginfo-3.10.0-862.14.1.6_122\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_122\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_122\",\n \"perf-3.10.0-862.14.1.6_122\",\n \"perf-debuginfo-3.10.0-862.14.1.6_122\",\n \"python-perf-3.10.0-862.14.1.6_122\",\n \"python-perf-debuginfo-3.10.0-862.14.1.6_122\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:07:34", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1495 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-01T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2020-1495)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19448", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25285"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.198-152.320", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1495.NASL", "href": "https://www.tenable.com/plugins/nessus/141106", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1495.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141106);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2019-19448\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25285\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1495\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2020-1495)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1495 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some\n operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in\n fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to\n a right data structure. (CVE-2019-19448)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1495.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25285\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14331\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.198-152.320\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19448\", \"CVE-2020-14314\", \"CVE-2020-14331\", \"CVE-2020-25211\", \"CVE-2020-25212\", \"CVE-2020-25285\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1495\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.198-152.320.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-livepatch-4.14.198-152.320-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.198-152.320.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.198-152.320.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:53", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4658-1 advisory.\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. (CVE-2020-10135)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-02T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4658-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0423", "CVE-2020-10135", "CVE-2020-14351", "CVE-2020-14390", "CVE-2020-25211", "CVE-2020-25284", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-28915", "CVE-2020-4788"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1032-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-56-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-56-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-56-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04"], "id": "UBUNTU_USN-4658-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143431", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4658-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143431);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2020-0423\",\n \"CVE-2020-4788\",\n \"CVE-2020-10135\",\n \"CVE-2020-14351\",\n \"CVE-2020-14390\",\n \"CVE-2020-25211\",\n \"CVE-2020-25284\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25705\",\n \"CVE-2020-28915\"\n );\n script_xref(name:\"USN\", value:\"4658-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4658-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4658-1 advisory.\n\n - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could\n lead to local escalation of privilege in the kernel with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-161151868References: N/A (CVE-2020-0423)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2\n and earlier may allow an unauthenticated user to complete authentication without pairing credentials via\n adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or\n slave to pair with a previously paired remote device to successfully complete the authentication procedure\n without knowing the link key. (CVE-2020-10135)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4658-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-14351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1028-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1030-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1032-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-56-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-56-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-56-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-0423', 'CVE-2020-4788', 'CVE-2020-10135', 'CVE-2020-14351', 'CVE-2020-14390', 'CVE-2020-25211', 'CVE-2020-25284', 'CVE-2020-25643', 'CVE-2020-25645', 'CVE-2020-25705', 'CVE-2020-28915');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4658-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1030-aws', 'pkgver': '5.4.0-1030.31~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1030-gcp', 'pkgver': '5.4.0-1030.32~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1030-oracle', 'pkgver': '5.4.0-1030.32~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1032-azure', 'pkgver': '5.4.0-1032.33~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-56-generic', 'pkgver': '5.4.0-56.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-56-generic-lpae', 'pkgver': '5.4.0-56.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-56-lowlatency', 'pkgver': '5.4.0-56.62~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1030.15'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.4.0.1030.15'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1032.14'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1032.14'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1030.18'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1030.18'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1030.14'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1030.14'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.56.62~18.04.50'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1028-kvm', 'pkgver': '5.4.0-1028.29'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1030-aws', 'pkgver': '5.4.0-1030.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1030-gcp', 'pkgver': '5.4.0-1030.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1030-oracle', 'pkgver': '5.4.0-1030.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1032-azure', 'pkgver': '5.4.0-1032.33'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-56-generic', 'pkgver': '5.4.0-56.62'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-56-generic-lpae', 'pkgver': '5.4.0-56.62'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-56-lowlatency', 'pkgver': '5.4.0-56.62'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1030.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1032.30'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1030.38'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.4.0.1030.38'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1028.26'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1030.27'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.56.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.4.0.56.59'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.4.0-1028-kvm / linux-image-5.4.0-1030-aws / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:29", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n\n - CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107).\n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n\nThe following non-security bugs were fixed :\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).\n\n - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).\n\n - Convert trailing spaces and periods in path components (bsc#1179424).\n\n - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes).\n\n - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)\n\n - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)\n\n - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)\n\n - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)\n\n - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)\n\n - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)\n\n - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)\n\n - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n\n - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)\n\n - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)\n\n - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)\n\n - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)\n\n - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n\n - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)\n\n - IB/hfi1: Handle port down properly in pio (bsc#1111666)\n\n - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)\n\n - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)\n\n - IB/hfi1: Remove unused define (bsc#1111666)\n\n - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n\n - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)\n\n - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)\n\n - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)\n\n - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)\n\n - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n\n - IB/iser: Fix dma_nents type definition (bsc#1111666)\n\n - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)\n\n - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)\n\n - IB/mlx4: Add and improve logging (bsc#1111666)\n\n - IB/mlx4: Add support for MRA (bsc#1111666)\n\n - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)\n\n - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n\n - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)\n\n - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)\n\n - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)\n\n - IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n\n - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)\n\n - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)\n\n - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)\n\n - IB/mlx5: Do not override existing ip_protocol (bsc#1111666)\n\n - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)\n\n - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)\n\n - IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n\n - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)\n\n - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)\n\n - IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n\n - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)\n\n - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)\n\n - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)\n\n - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)\n\n - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)\n\n - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)\n\n - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)\n\n - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)\n\n - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n\n - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)\n\n - IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n\n - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)\n\n - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n\n - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)\n\n - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)\n\n - IB/rxe: Make counters thread safe (bsc#1111666)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n\n - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)\n\n - IB/umad: Avoid destroying device while it is accessed (bsc#1111666)\n\n - IB/umad: Do not check status of nonseekable_open() (bsc#1111666)\n\n - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)\n\n - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)\n\n - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)\n\n - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)\n\n - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)\n\n - IB/(hfi1, qib): Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)\n\n - IB/(qib, hfi1, rdmavt): Correct ibv_devinfo max_mr value (bsc#1111666)\n\n - KVM host: kabi fixes for psci_version (bsc#1174726).\n\n - KVM: arm64: Add missing #include of <linux/string.h> in guest.c (bsc#1174726).\n\n - KVM: arm64: Factor out core register ID enumeration (bsc#1174726).\n\n - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).\n\n - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).\n\n - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).\n\n - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n\n - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).\n\n - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)\n\n - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)\n\n - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)\n\n - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)\n\n - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)\n\n - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)\n\n - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)\n\n - RDMA/cma: Fix false error message (bsc#1111666)\n\n - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)\n\n - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)\n\n - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)\n\n - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)\n\n - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)\n\n - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)\n\n - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)\n\n - RDMA/core: Fix race between destroy and release FD object (bsc#1111666)\n\n - RDMA/core: Fix race when resolving IP address (bsc#1111666)\n\n - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)\n\n - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)\n\n - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)\n\n - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n\n - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)\n\n - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)\n\n - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)\n\n - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n\n - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)\n\n - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)\n\n - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n\n - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n\n - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)\n\n - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)\n\n - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)\n\n - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)\n\n - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)\n\n - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)\n\n - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)\n\n - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)\n\n - RDMA/mlx5: Return proper error value (bsc#1111666)\n\n - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)\n\n - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)\n\n - RDMA/nes: Remove second wait queue initialization call (bsc#1111666)\n\n - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)\n\n - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)\n\n - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n\n - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).\n\n - RDMA/qedr: Fix doorbell setting (bsc#1111666)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n\n - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)\n\n - RDMA/qedr: Fix reported firmware version (bsc#1111666)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n\n - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1111666)\n\n - RDMA/qib: Delete extra line (bsc#1111666)\n\n - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)\n\n - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)\n\n - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n\n - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n\n - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)\n\n - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n\n - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)\n\n - RDMA/rxe: Set default vendor ID (bsc#1111666)\n\n - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n\n - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)\n\n - RDMA/srp: Rework SCSI device reset handling (bsc#1111666)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)\n\n - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)\n\n - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)\n\n - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)\n\n - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)\n\n - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)\n\n - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).\n\n - SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).\n\n - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card (git-fixes).\n\n - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).\n\n - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).\n\n - arm64: KVM: Fix system register enumeration (bsc#1174726).\n\n - ath10k: Acquire tx_lock in tx error paths (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).\n\n - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).\n\n - btrfs: account ticket size at add/delete time (bsc#1178897).\n\n - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).\n\n - btrfs: check rw_devices, not num_devices for balance (bsc#1178897).\n\n - btrfs: do not delete mismatched root refs (bsc#1178962).\n\n - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).\n\n - btrfs: fix force usage in inc_block_group_ro (bsc#1178897).\n\n - btrfs: fix invalid removal of root ref (bsc#1178962).\n\n - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).\n\n - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).\n\n - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).\n\n - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).\n\n - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs.\n\n - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n\n - ceph: add check_session_state() helper and make it global (bsc#1179259).\n\n - ceph: check session state after bumping session->s_seq (bsc#1179259).\n\n - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n\n - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).\n\n - docs: ABI: stable: remove a duplicated documentation (git-fixes).\n\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n\n - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).\n\n - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).\n\n - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n\n - efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n\n - efi: cper: Fix possible out-of-bounds access (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n\n - fuse: fix page dereference after free (bsc#1179213).\n\n - hv_balloon: disable warning when floor reached (git-fixes).\n\n - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)\n\n - i40iw: Report correct firmware version (bsc#1111666)\n\n - i40iw: fix NULL pointer dereference on a null wqe pointer (bsc#1111666)\n\n - igc: Fix returning wrong statistics (bsc#1118657).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n\n - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)\n\n - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)\n\n - kABI workaround for usermodehelper changes (bsc#1179406).\n\n - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal (bsc#1112374).\n\n - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).\n\n - net/tls: Fix kmap usage (bsc#1109837).\n\n - net/tls: missing received data after fast remote close (bsc#1109837).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).\n\n - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).\n\n - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).\n\n - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n\n - nfp: use correct define to return NONE fec (bsc#1109837).\n\n - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n\n - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).\n\n - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).\n\n - qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).\n\n - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - reboot: fix overflow parsing reboot cpu number (bsc#1179421).\n\n - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)\n\n - rxe: fix error completion wr_id and qp_num (bsc#1111666)\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).\n\n - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).\n\n - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).\n\n - sched/x86: SaveFLAGS on context switch (bsc#1112178).\n\n - scripts/git_sort/git_sort.py: add ceph maintainers git tree\n\n - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).\n\n - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).\n\n - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).\n\n - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).\n\n - tty: serial: imx: keep console clocks always on (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).\n\n - usermodehelper: reset umask to default before executing user process (bsc#1179406).\n\n - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n\n - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).\n\n - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).\n\n - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/hyperv: Make vapic support x2apic mode (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).\n\n - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).\n\n - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).\n\n - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n\n - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).", "cvss3": {}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-27777", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2193.NASL", "href": "https://www.tenable.com/plugins/nessus/143542", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2193.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143542);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2020-15436\", \"CVE-2020-15437\", \"CVE-2020-27777\", \"CVE-2020-28974\", \"CVE-2020-29371\", \"CVE-2020-4788\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-2193)\");\n script_summary(english:\"Check for the openSUSE-2020-2193 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29371: An issue was discovered in\n romfs_dev_read in fs/romfs/storage.c where uninitialized\n memory leaks to userspace, aka CID-bcf85fcedfdd\n (bnc#1179429).\n\n - CVE-2020-15436: Use-after-free vulnerability in\n fs/block_dev.c allowed local users to gain privileges or\n cause a denial of service by leveraging improper access\n to a certain error field (bnc#1179141).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1)\n processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\n - CVE-2018-20669: An issue where a provided address with\n access_ok() is not checked was discovered in\n i915_gem_execbuffer2_ioctl in\n drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a\n local attacker can craft a malicious IOCTL function call\n to overwrite arbitrary kernel memory, resulting in a\n Denial of Service or privilege escalation (bnc#1122971).\n\n - CVE-2020-15437: The Linux kernel was vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_\n ports() that allowed local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized (bnc#1179140).\n\n - CVE-2020-27777: Restrict RTAS requests from userspace\n (CVE-2020-27777 bsc#1179107).\n\n - CVE-2020-28974: A slab-out-of-bounds read in fbcon could\n be used by local attackers to read privileged\n information or potentially crash the kernel, aka\n CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height (bnc#1178589).\n\nThe following non-security bugs were fixed :\n\n - ACPI: GED: fix -Wformat (git-fixes).\n\n - ALSA: ctl: fix error path at adding user-defined element\n set (git-fixes).\n\n - ALSA: firewire: Clean up a locking issue in\n copy_resp_to_buf() (git-fixes).\n\n - ALSA: mixart: Fix mutex deadlock (git-fixes).\n\n - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n\n - Bluetooth: btusb: Fix and detect most of the Chinese\n Bluetooth controllers (git-fixes).\n\n - Bluetooth: hci_bcm: fix freeing not-requested IRQ\n (git-fixes).\n\n - Convert trailing spaces and periods in path components\n (bsc#1179424).\n\n - Drivers: hv: vmbus: Remove the unused 'tsc_page' from\n struct hv_context (git-fixes).\n\n - IB/cma: Fix ports memory leak in cma_configfs\n (bsc#1111666)\n\n - IB/core: Set qp->real_qp before it may be accessed\n (bsc#1111666)\n\n - IB/hfi1, qib: Ensure RCU is locked when accessing list\n (bsc#1111666)\n\n - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats\n (bsc#1111666)\n\n - IB/hfi1: Add missing INVALIDATE opcodes for trace\n (bsc#1111666)\n\n - IB/hfi1: Add software counter for ctxt0 seq drop\n (bsc#1111666)\n\n - IB/hfi1: Avoid hardlockup with flushlist_lock\n (bsc#1111666)\n\n - IB/hfi1: Call kobject_put() when kobject_init_and_add()\n fails (bsc#1111666)\n\n - IB/hfi1: Check for error on call to alloc_rsm_map_table\n (bsc#1111666)\n\n - IB/hfi1: Close PSM sdma_progress sleep window\n (bsc#1111666)\n\n - IB/hfi1: Define variables as unsigned long to fix KASAN\n warning (bsc#1111666)\n\n - IB/hfi1: Ensure full Gen3 speed in a Gen4 system\n (bsc#1111666)\n\n - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n\n - IB/hfi1: Fix memory leaks in sysfs registration and\n unregistration (bsc#1111666)\n\n - IB/hfi1: Handle port down properly in pio (bsc#1111666)\n\n - IB/hfi1: Handle wakeup of orphaned QPs for pio\n (bsc#1111666)\n\n - IB/hfi1: Insure freeze_work work_struct is canceled on\n shutdown (bsc#1111666)\n\n - IB/hfi1: Remove unused define (bsc#1111666)\n\n - IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n\n - IB/hfi1: Validate page aligned for a given virtual\n address (bsc#1111666)\n\n - IB/hfi1: Wakeup QPs orphaned on wait list after flush\n (bsc#1111666)\n\n - IB/ipoib: Fix double free of skb in case of multicast\n traffic in CM mode (bsc#1111666)\n\n - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start\n (bsc#1111666)\n\n - IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n\n - IB/iser: Fix dma_nents type definition (bsc#1111666)\n\n - IB/iser: Pass the correct number of entries for dma\n mapped SGL (bsc#1111666)\n\n - IB/mad: Fix use-after-free in ib mad completion handling\n (bsc#1111666)\n\n - IB/mlx4: Add and improve logging (bsc#1111666)\n\n - IB/mlx4: Add support for MRA (bsc#1111666)\n\n - IB/mlx4: Adjust delayed work when a dup is observed\n (bsc#1111666)\n\n - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n\n - IB/mlx4: Fix memory leak in add_gid error flow\n (bsc#1111666)\n\n - IB/mlx4: Fix race condition between catas error reset\n and aliasguid flows (bsc#1111666)\n\n - IB/mlx4: Fix starvation in paravirt mux/demux\n (bsc#1111666)\n\n - IB/mlx4: Follow mirror sequence of device add during\n device removal (bsc#1111666)\n\n - IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n\n - IB/mlx4: Test return value of calls to\n ib_get_cached_pkey (bsc#1111666)\n\n - IB/mlx5: Add missing XRC options to QP optional params\n mask (bsc#1111666)\n\n - IB/mlx5: Compare only index part of a memory window rkey\n (bsc#1111666)\n\n - IB/mlx5: Do not override existing ip_protocol\n (bsc#1111666)\n\n - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the\n HW specification (bsc#1111666)\n\n - IB/mlx5: Fix clean_mr() to work in the expected order\n (bsc#1111666)\n\n - IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n\n - IB/mlx5: Fix outstanding_pi index for GSI qps\n (bsc#1111666)\n\n - IB/mlx5: Fix unreg_umr to ignore the mkey state\n (bsc#1111666)\n\n - IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n\n - IB/mlx5: Move MRs to a kernel PD when freeing them to\n the MR cache (bsc#1111666)\n\n - IB/mlx5: Prevent concurrent MR updates during\n invalidation (bsc#1111666)\n\n - IB/mlx5: Reset access mask when looping inside page\n fault handler (bsc#1111666)\n\n - IB/mlx5: Set correct write permissions for implicit ODP\n MR (bsc#1111666)\n\n - IB/mlx5: Use direct mkey destroy command upon UMR unreg\n failure (bsc#1111666)\n\n - IB/mlx5: Use fragmented QP's buffer for in-kernel users\n (bsc#1111666)\n\n - IB/mlx5: WQE dump jumps over first 16 bytes\n (bsc#1111666)\n\n - IB/mthca: fix return value of error branch in\n mthca_init_cq() (bsc#1111666)\n\n - IB/qib: Call kobject_put() when kobject_init_and_add()\n fails (bsc#1111666)\n\n - IB/qib: Fix an error code in qib_sdma_verbs_send()\n (bsc#1111666)\n\n - IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n\n - IB/rdmavt: Convert timers to use timer_setup()\n (bsc#1111666)\n\n - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n\n - IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n\n - IB/rdmavt: Reset all QPs when the device is shut down\n (bsc#1111666)\n\n - IB/rxe: Fix incorrect cache cleanup in error flow\n (bsc#1111666)\n\n - IB/rxe: Make counters thread safe (bsc#1111666)\n\n - IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n\n - IB/umad: Avoid additional device reference during\n open()/close() (bsc#1111666)\n\n - IB/umad: Avoid destroying device while it is accessed\n (bsc#1111666)\n\n - IB/umad: Do not check status of nonseekable_open()\n (bsc#1111666)\n\n - IB/umad: Fix kernel crash while unloading ib_umad\n (bsc#1111666)\n\n - IB/umad: Refactor code to use cdev_device_add()\n (bsc#1111666)\n\n - IB/umad: Simplify and avoid dynamic allocation of class\n (bsc#1111666)\n\n - IB/usnic: Fix out of bounds index check in query pkey\n (bsc#1111666)\n\n - IB/uverbs: Fix OOPs upon device disassociation\n (bsc#1111666)\n\n - IB/(hfi1, qib): Fix WC.byte_len calculation for\n UD_SEND_WITH_IMM (bsc#1111666)\n\n - IB/(qib, hfi1, rdmavt): Correct ibv_devinfo max_mr value\n (bsc#1111666)\n\n - KVM host: kabi fixes for psci_version (bsc#1174726).\n\n - KVM: arm64: Add missing #include of <linux/string.h> in\n guest.c (bsc#1174726).\n\n - KVM: arm64: Factor out core register ID enumeration\n (bsc#1174726).\n\n - KVM: arm64: Filter out invalid core register IDs in\n KVM_GET_REG_LIST (bsc#1174726).\n\n - KVM: arm64: Refactor kvm_arm_num_regs() for easier\n maintenance (bsc#1174726).\n\n - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE\n vcpus (bsc#1174726).\n\n - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n\n - NFS: only invalidate dentrys that are clearly invalid\n (bsc#1178669 bsc#1170139).\n\n - PCI: pci-hyperv: Fix build errors on non-SYSFS config\n (git-fixes).\n\n - RDMA/bnxt_re: Fix Send Work Entry state check while\n polling completions (bsc#1111666)\n\n - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task\n (bsc#1111666)\n\n - RDMA/bnxt_re: Fix sizeof mismatch for allocation of\n pbl_tbl. (bsc#1111666)\n\n - RDMA/bnxt_re: Fix stack-out-of-bounds in\n bnxt_qplib_rcfw_send_message (bsc#1111666)\n\n - RDMA/cm: Add missing locking around id.state in\n cm_dup_req_handler (bsc#1111666)\n\n - RDMA/cm: Fix checking for allowed duplicate listens\n (bsc#1111666)\n\n - RDMA/cm: Remove a race freeing timewait_info\n (bsc#1111666)\n\n - RDMA/cm: Update num_paths in cma_resolve_iboe_route\n error flow (bsc#1111666)\n\n - RDMA/cma: Fix false error message (bsc#1111666)\n\n - RDMA/cma: Protect bind_list and listen_list while\n finding matching cm id (bsc#1111666)\n\n - RDMA/cma: add missed unregister_pernet_subsys in init\n failure (bsc#1111666)\n\n - RDMA/cma: fix null-ptr-deref Read in cma_cleanup\n (bsc#1111666)\n\n - RDMA/core: Do not depend device ODP capabilities on\n kconfig option (bsc#1111666)\n\n - RDMA/core: Fix invalid memory access in spec_filter_size\n (bsc#1111666)\n\n - RDMA/core: Fix locking in ib_uverbs_event_read\n (bsc#1111666)\n\n - RDMA/core: Fix protection fault in ib_mr_pool_destroy\n (bsc#1111666)\n\n - RDMA/core: Fix race between destroy and release FD\n object (bsc#1111666)\n\n - RDMA/core: Fix race when resolving IP address\n (bsc#1111666)\n\n - RDMA/core: Prevent mixed use of FDs between shared\n ufiles (bsc#1111666)\n\n - RDMA/cxgb3: Delete and properly mark unimplemented\n resize CQ function (bsc#1111666)\n\n - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN\n (bsc#1111666)\n\n - RDMA/hns: Correct typo of hns_roce_create_cq()\n (bsc#1111666)\n\n - RDMA/hns: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n\n - RDMA/i40iw: Set queue pair state when being queried\n (bsc#1111666)\n\n - RDMA/i40iw: fix a potential NULL pointer dereference\n (bsc#1111666)\n\n - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()\n (bsc#1111666)\n\n - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n\n - RDMA/ipoib: Return void from ipoib_ib_dev_stop()\n (bsc#1111666)\n\n - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces\n (bsc#1111666)\n\n - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure\n case (bsc#1111666)\n\n - RDMA/iw_cxgb4: Fix the unchecked ep dereference\n (bsc#1111666)\n\n - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n\n - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n\n - RDMA/iwcm: move iw_rem_ref() calls out of spinlock\n (bsc#1111666)\n\n - RDMA/mad: Fix possible memory leak in\n ib_mad_post_receive_mads() (bsc#1111666)\n\n - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n\n - RDMA/mlx4: Read pkey table length instead of hardcoded\n value (bsc#1111666)\n\n - RDMA/mlx5: Clear old rate limit when closing QP\n (bsc#1111666)\n\n - RDMA/mlx5: Delete unreachable handle_atomic code by\n simplifying SW completion (bsc#1111666)\n\n - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an\n implicit MR (bsc#1111666)\n\n - RDMA/mlx5: Fix access to wrong pointer while performing\n flush due to error (bsc#1111666)\n\n - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields'\n (bsc#1111666)\n\n - RDMA/mlx5: Return proper error value (bsc#1111666)\n\n - RDMA/mlx5: Set GRH fields in query QP on RoCE\n (bsc#1111666)\n\n - RDMA/mlx5: Verify that QP is created with RQ or SQ\n (bsc#1111666)\n\n - RDMA/nes: Remove second wait queue initialization call\n (bsc#1111666)\n\n - RDMA/netlink: Do not always generate an ACK for some\n netlink operations (bsc#1111666)\n\n - RDMA/ocrdma: Fix out of bounds index check in query pkey\n (bsc#1111666)\n\n - RDMA/ocrdma: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/pvrdma: Fix missing pci disable in\n pvrdma_pci_probe() (bsc#1111666)\n\n - RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n\n - RDMA/qedr: Fix KASAN: use-after-free in\n ucma_event_handler+0x532 (bsc#1050545).\n\n - RDMA/qedr: Fix doorbell setting (bsc#1111666)\n\n - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n\n - RDMA/qedr: Fix memory leak in user qp and mr\n (bsc#1111666)\n\n - RDMA/qedr: Fix reported firmware version (bsc#1111666)\n\n - RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n\n - RDMA/qedr: Remove unsupported modify_port callback\n (bsc#1111666)\n\n - RDMA/qedr: SRQ's bug fixes (bsc#1111666)\n\n - RDMA/qib: Delete extra line (bsc#1111666)\n\n - RDMA/qib: Remove all occurrences of BUG_ON()\n (bsc#1111666)\n\n - RDMA/qib: Validate ->show()/store() callbacks before\n calling them (bsc#1111666)\n\n - RDMA/rxe: Drop pointless checks in rxe_init_ports\n (bsc#1111666)\n\n - RDMA/rxe: Fill in wc byte_len with\n IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n\n - RDMA/rxe: Fix configuration of atomic queue pair\n attributes (bsc#1111666)\n\n - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n\n - RDMA/rxe: Fix slab-out-bounds access which lead to\n kernel crash later (bsc#1111666)\n\n - RDMA/rxe: Fix soft lockup problem due to using tasklets\n in softirq (bsc#1111666)\n\n - RDMA/rxe: Fix the parent sysfs read when the interface\n has 15 chars (bsc#1111666)\n\n - RDMA/rxe: Prevent access to wr->next ptr afrer wr is\n posted to send queue (bsc#1111666)\n\n - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n\n - RDMA/rxe: Remove useless rxe_init_device_param\n assignments (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_init_port_param()\n (bsc#1111666)\n\n - RDMA/rxe: Return void from rxe_mem_init_dma()\n (bsc#1111666)\n\n - RDMA/rxe: Set default vendor ID (bsc#1111666)\n\n - RDMA/rxe: Set sys_image_guid to be aligned with HW IB\n devices (bsc#1111666)\n\n - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n\n - RDMA/rxe: Use for_each_sg_page iterator on umem SGL\n (bsc#1111666)\n\n - RDMA/srp: Rework SCSI device reset handling\n (bsc#1111666)\n\n - RDMA/srpt: Fix typo in srpt_unregister_mad_agent\n docstring (bsc#1111666)\n\n - RDMA/srpt: Report the SCSI residual to the initiator\n (bsc#1111666)\n\n - RDMA/ucma: Add missing locking around\n rdma_leave_multicast() (bsc#1111666)\n\n - RDMA/ucma: Put a lock around every call to the rdma_cm\n layer (bsc#1111666)\n\n - RDMA/uverbs: Make the event_queue fds return POLLERR\n when disassociated (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove\n (bsc#1111666)\n\n - RDMA/vmw_pvrdma: Use atomic memory allocation in create\n AH (bsc#1111666)\n\n - RDMA: Directly cast the sockaddr union to sockaddr\n (bsc#1111666)\n\n - RMDA/cm: Fix missing ib_cm_destroy_id() in\n ib_cm_insert_listen() (bsc#1111666)\n\n - Revert 'kernel/reboot.c: convert simple_strtoul to\n kstrtoint' (bsc#1179418).\n\n - SUNRPC: fix copying of multiple pages in\n gss_read_proxy_verf() (bsc#1103992).\n\n - Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable\n authmode (git-fixes).\n\n - USB: core: Fix regression in Hercules audio card\n (git-fixes).\n\n - Update references in\n patches.suse/net-smc-tolerate-future-smcd-versions\n (bsc#1172542 LTC#186070 git-fixes).\n\n - arm/arm64: KVM: Add PSCI version selection API\n (bsc#1174726).\n\n - arm64: KVM: Fix system register enumeration\n (bsc#1174726).\n\n - ath10k: Acquire tx_lock in tx error paths (git-fixes).\n\n - batman-adv: set .owner to THIS_MODULE (git-fixes).\n\n - bnxt_en: Fix race when modifying pause settings\n (bsc#1050242 ).\n\n - bnxt_en: Protect bnxt_set_eee() and\n bnxt_set_pauseparam() with mutex (bsc#1050242).\n\n - btrfs: account ticket size at add/delete time\n (bsc#1178897).\n\n - btrfs: add helper to obtain number of devices with\n ongoing dev-replace (bsc#1178897).\n\n - btrfs: check rw_devices, not num_devices for balance\n (bsc#1178897).\n\n - btrfs: do not delete mismatched root refs (bsc#1178962).\n\n - btrfs: fix btrfs_calc_reclaim_metadata_size calculation\n (bsc#1178897).\n\n - btrfs: fix force usage in inc_block_group_ro\n (bsc#1178897).\n\n - btrfs: fix invalid removal of root ref (bsc#1178962).\n\n - btrfs: fix reclaim counter leak of space_info objects\n (bsc#1178897).\n\n - btrfs: fix reclaim_size counter leak after stealing from\n global reserve (bsc#1178897).\n\n - btrfs: kill min_allocable_bytes in inc_block_group_ro\n (bsc#1178897).\n\n - btrfs: rework arguments of btrfs_unlink_subvol\n (bsc#1178962).\n\n - btrfs: split dev-replace locking helpers for read and\n write (bsc#1178897). Needed as a prep patch for further\n improvements around btrfs.\n\n - can: gs_usb: fix endianess problem with candleLight\n firmware (git-fixes).\n\n - can: m_can: fix nominal bitiming tseg2 min for version\n >= 3.1 (git-fixes).\n\n - ceph: add check_session_state() helper and make it\n global (bsc#1179259).\n\n - ceph: check session state after bumping session->s_seq\n (bsc#1179259).\n\n - ceph: fix race in concurrent __ceph_remove_cap\n invocations (bsc#1178635).\n\n - cifs: Fix incomplete memory allocation on setxattr path\n (bsc#1179211).\n\n - cifs: Return the error from crypt_message when enc/dec\n key not found (bsc#1179426).\n\n - cifs: remove bogus debug code (bsc#1179427).\n\n - cxgb4: Fix offset when clearing filter byte counters\n (bsc#1064802 bsc#1066129).\n\n - docs: ABI: stable: remove a duplicated documentation\n (git-fixes).\n\n - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n\n - drm/sun4i: dw-hdmi: fix error return code in\n sun8i_dw_hdmi_bind() (git-fixes).\n\n - efi/efivars: Add missing kobject_put() in sysfs entry\n creation error path (git-fixes).\n\n - efi/esrt: Fix reference count leak in\n esre_create_sysfs_entry (git-fixes).\n\n - efi/x86: Do not panic or BUG() on non-critical error\n conditions (git-fixes).\n\n - efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n\n - efi/x86: Ignore the memory attributes table on i386\n (git-fixes).\n\n - efi/x86: Map the entire EFI vendor string before copying\n it (git-fixes).\n\n - efi: cper: Fix possible out-of-bounds access\n (git-fixes).\n\n - efi: provide empty efi_enter_virtual_mode implementation\n (git-fixes).\n\n - efivarfs: fix memory leak in efivarfs_create()\n (git-fixes).\n\n - efivarfs: revert 'fix memory leak in efivarfs_create()'\n (git-fixes).\n\n - fuse: fix page dereference after free (bsc#1179213).\n\n - hv_balloon: disable warning when floor reached\n (git-fixes).\n\n - i40iw: Fix error handling in i40iw_manage_arp_cache()\n (bsc#1111666)\n\n - i40iw: Report correct firmware version (bsc#1111666)\n\n - i40iw: fix NULL pointer dereference on a null wqe\n pointer (bsc#1111666)\n\n - igc: Fix returning wrong statistics (bsc#1118657).\n\n - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM\n for setting tablet-mode (git-fixes).\n\n - iio: accel: kxcjk1013: Replace is_smo8500_device with an\n acpi_type enum (git-fixes).\n\n - iw_cxgb4: fix ECN check on the passive accept\n (bsc#1111666)\n\n - iw_cxgb4: only reconnect with MPAv1 if the peer aborts\n (bsc#1111666)\n\n - kABI workaround for usermodehelper changes\n (bsc#1179406).\n\n - kABI: add back flush_dcache_range (jsc#SLE-16402\n jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - libnvdimm/nvdimm/flush: Allow architecture to override\n the flush barrier (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - mac80211: always wind down STA state (git-fixes).\n\n - mac80211: free sta in sta_info_insert_finish() on errors\n (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal\n (bsc#1112374).\n\n - mm: always have io_remap_pfn_range() set\n pgprot_decrypted() (bsc#1112178).\n\n - net/tls: Fix kmap usage (bsc#1109837).\n\n - net/tls: missing received data after fast remote close\n (bsc#1109837).\n\n - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument\n (bsc#1103990 ).\n\n - net: ena: fix packet's addresses for rx_offset feature\n (bsc#1174852).\n\n - net: ena: handle bad request id in ena_netdev\n (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (bsc#1136460\n jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qed: fix async event callbacks unregistering\n (bsc#1104393 bsc#1104389).\n\n - net: qede: fix PTP initialization on recovery\n (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n\n - net: qede: fix use-after-free on recovery and AER\n handling (bsc#1136460 jsc#SLE-4691 bsc#1136461\n jsc#SLE-4692).\n\n - net: thunderx: use spin_lock_bh in\n nicvf_set_rx_mode_task() (bsc#1110096).\n\n - net_sched: fix a memory leak in atm_tc_init()\n (bsc#1056657 bsc#1056653 bsc#1056787).\n\n - nfc: s3fwrn5: use signed integer for parsing GPIO\n numbers (git-fixes).\n\n - nfp: use correct define to return NONE fec\n (bsc#1109837).\n\n - pinctrl: amd: fix incorrect way to disable debounce\n filter (git-fixes).\n\n - pinctrl: amd: use higher precision for 512 RtcClk\n (git-fixes).\n\n - pinctrl: aspeed: Fix GPI only function problem\n (git-fixes).\n\n - platform/x86: toshiba_acpi: Fix the wrong variable\n assignment (git-fixes).\n\n - powerpc/32: define helpers to get L1 cache sizes\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/64: flush_inval_dcache_range() becomes\n flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/64: reuse PPC32 static inline\n flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/mm: Flush cache on memory hot(un)plug\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add flush routines using new pmem store\n and sync instruction (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Add new instructions for persistent\n storage and sync (jsc#SLE-16402 jsc#SLE-16497\n bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Avoid the barrier in flush routines\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Fix kernel crash due to wrong range value\n usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc/pmem: Initialize pmem device on newer hardware\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Restrict papr_scm to P8 and above\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - powerpc/pmem: Update ppc64 to use the new barrier\n instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964).\n\n - powerpc: Chunk calls to flush_dcache_range in\n arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109\n ltc#187964 git-fixes).\n\n - powerpc: define helpers to get L1 icache sizes\n (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n\n - qed: fix error return code in qed_iwarp_ll2_start()\n (bsc#1050536 bsc#1050545).\n\n - qed: suppress 'do not support RoCE & iWARP' flooding on\n HW init (bsc#1050536 bsc#1050545).\n\n - qed: suppress false-positives interrupt error messages\n on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461\n jsc#SLE-4692).\n\n - reboot: fix overflow parsing reboot cpu number\n (bsc#1179421).\n\n - rxe: correctly calculate iCRC for unaligned payloads\n (bsc#1111666)\n\n - rxe: fix error completion wr_id and qp_num (bsc#1111666)\n\n - s390/cio: add cond_resched() in the slow_eval_known_fn()\n loop (bsc#1177805 LTC#188737).\n\n - s390/cpum_cf,perf: change DFLT_CCERROR counter name\n (bsc#1175916 LTC#187937).\n\n - s390/dasd: Fix zero write for FBA devices (bsc#1177808\n LTC#188739).\n\n - s390: kernel/uv: handle length extension properly\n (bsc#1178940 LTC#189323).\n\n - sched/core: Fix PI boosting between RT and DEADLINE\n tasks (bsc#1112178).\n\n - sched/x86: SaveFLAGS on context switch (bsc#1112178).\n\n - scripts/git_sort/git_sort.py: add ceph maintainers git\n tree\n\n - scsi: RDMA/srpt: Fix a credit leak for aborted commands\n (bsc#1111666)\n\n - staging: rtl8723bs: Add 024c:0627 to the list of SDIO\n device-ids (git-fixes).\n\n - svcrdma: Fix page leak in svc_rdma_recv_read_chunk()\n (bsc#1103992).\n\n - svcrdma: fix bounce buffers for unaligned offsets and\n multiple pages (bsc#1103992).\n\n - tcp: Set INET_ECN_xmit configuration in\n tcp_reinit_congestion_control (bsc#1109837).\n\n - tracing: Fix out of bounds write in get_trace_buf\n (bsc#1179403).\n\n - tty: serial: imx: keep console clocks always on\n (git-fixes).\n\n - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download\n mode (git-fixes).\n\n - usb: gadget: Fix memleak in gadgetfs_fill_super\n (git-fixes).\n\n - usb: gadget: f_midi: Fix memleak in f_midi_alloc\n (git-fixes).\n\n - usb: host: xhci-mtk: avoid runtime suspend when removing\n hcd (git-fixes).\n\n - usermodehelper: reset umask to default before executing\n user process (bsc#1179406).\n\n - video: hyperv_fb: Fix the cache type when mapping the\n VRAM (git-fixes).\n\n - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect\n (git-fixes).\n\n - x86/PCI: Fix intel_mid_pci.c build error when ACPI is\n not enabled (git-fixes).\n\n - x86/PCI: Mark Intel C620 MROMs as having non-compliant\n BARs (git-fixes).\n\n - x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n\n - x86/hyperv: Make vapic support x2apic mode (git-fixes).\n\n - x86/microcode/intel: Check patch signature before saving\n microcode for early loading (bsc#1112178).\n\n - x86/speculation: Allow IBPB to be conditionally enabled\n on CPUs with always-on STIBP (bsc#1112178).\n\n - x86/sysfb_efi: Add quirks for some devices with swapped\n width and height (git-fixes).\n\n - xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n\n - xfs: revert 'xfs: fix rmap key and record comparison\n functions' (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.87.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.87.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.87.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:13", "description": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n\nCVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).\n\nCVE-2020-25641: Allowed for_each_bvec to support zero len bvec (bsc#1177121).\n\nCVE-2020-25645: Added transport ports in route lookup for geneve (bsc#1177511).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3230-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25212", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3230-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143694", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3230-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143694);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-25212\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3230-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25212: Fixed getxattr kernel panic and memory overflow\n(bsc#1176381).\n\nCVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).\n\nCVE-2020-25641: Allowed for_each_bvec to support zero len bvec\n(bsc#1177121).\n\nCVE-2020-25645: Added transport ports in route lookup for geneve\n(bsc#1177511).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=954532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25212/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25641/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25643/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25645/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203230-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?99f6bda6\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2020-3230=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25645\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:51", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1520 advisory.\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2020-1520)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14390", "CVE-2020-25284", "CVE-2020-25643", "CVE-2020-25645"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.200-155.322", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1520.NASL", "href": "https://www.tenable.com/plugins/nessus/141973", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1520.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141973);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2020-14390\",\n \"CVE-2020-25284\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1520\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2020-1520)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1520 advisory.\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1520.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25645\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25645\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.200-155.322\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2020-14390\", \"CVE-2020-25284\", \"CVE-2020-25643\", \"CVE-2020-25645\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1520\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.200-155.322.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-livepatch-4.14.200-155.322-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.200-155.322.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.200-155.322.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:43", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-0543)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.(CVE-2018-9517)\n\n - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism.\n But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.(CVE-2019-19338)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)\n\n - Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.(CVE-2020-12351)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c(CVE-2020-25669)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9517", "CVE-2019-11135", "CVE-2019-19338", "CVE-2019-20934", "CVE-2019-3900", "CVE-2020-0543", "CVE-2020-10690", "CVE-2020-12351", "CVE-2020-14305", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1684.NASL", "href": "https://www.tenable.com/plugins/nessus/148041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148041);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-9517\",\n \"CVE-2019-3900\",\n \"CVE-2019-19338\",\n \"CVE-2019-20934\",\n \"CVE-2020-0543\",\n \"CVE-2020-4788\",\n \"CVE-2020-10690\",\n \"CVE-2020-12351\",\n \"CVE-2020-14305\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - Incomplete cleanup from specific special register read\n operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information\n disclosure via local access.(CVE-2020-0543)\n\n - An infinite loop issue was found in the vhost_net\n kernel module in Linux Kernel up to and including\n v5.1-rc6, while handling incoming packets in\n handle_rx(). It could occur if one end sends packets\n faster than the other end can process them. A guest\n user, maybe remote one, could use this flaw to stall\n the vhost_net kernel thread, resulting in a DoS\n scenario.(CVE-2019-3900)\n\n - In pppol2tp_connect, there is possible memory\n corruption due to a use after free. This could lead to\n local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-38159931.(CVE-2018-9517)\n\n - A flaw was found in the fix for CVE-2019-11135, in the\n Linux upstream kernel versions before 5.5 where, the\n way Intel CPUs handle speculative execution of\n instructions when a TSX Asynchronous Abort (TAA) error\n occurs. When a guest is running on a host CPU affected\n by the TAA flaw (TAA_NO=0), but is not affected by the\n MDS issue (MDS_NO=1), the guest was to clear the\n affected buffers by using a VERW instruction mechanism.\n But when the MDS_NO=1 bit was exported to the guests,\n the guests did not use the VERW mechanism to clear the\n affected buffers. This issue affects guests running on\n Cascade Lake CPUs and requires that host has 'TSX'\n enabled. Confidentiality of data is the highest threat\n associated with this vulnerability.(CVE-2019-19338)\n\n - There is a use-after-free in kernel versions before 5.5\n due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a\n (high privileged) process allocates a ptp device file\n (like /dev/ptpX) and voluntarily goes to sleep. During\n this time if the underlying device is removed, it can\n cause an exploitable condition as the process wakes up\n to terminate and clean all attached files. The system\n crashes due to the cdev structure being invalid (as\n already freed) which is pointed to by the\n inode.(CVE-2020-10690)\n\n - Improper input validation in BlueZ may allow an\n unauthenticated user to potentially enable escalation\n of privilege via adjacent access.(CVE-2020-12351)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - use-after-free read in sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c(CVE-2020-25669)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors\n could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)\n\n - A flaw memory leak in the Linux kernel performance\n monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1684\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a74b185\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14305\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h520.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:28", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725).\n\nCVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177511).\n\nCVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bsc#1176381).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2981-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12351", "CVE-2020-12352", "CVE-2020-25212", "CVE-2020-25645"], "modified": "2021-04-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2981-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143673", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2981-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143673);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-12351\", \"CVE-2020-12352\", \"CVE-2020-25212\", \"CVE-2020-25645\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2981-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-12351: Fixed a type confusion while processing AMP packets\naka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\nCVE-2020-12352: Fixed an information leak when processing certain AMP\npackets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725).\n\nCVE-2020-25645: Fixed an issue which traffic between two Geneve\nendpoints may be unencrypted when IPsec is configured to encrypt\ntraffic for the specific UDP port used by the GENEVE tunnel allowing\nanyone between the two endpoints to read the traffic unencrypted\n(bsc#1177511).\n\nCVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code\n(bsc#1176381).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-12352/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25645/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202981-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e30446e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-2981=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2981=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2981=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2981=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-2981=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.46.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:35", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-12351: A type confusion while processing AMP packets could be used by physical close attackers to crash the kernel or potentially execute code was fixed (bsc#1177724).\n\n - CVE-2020-12352: A stack information leak when handling certain AMP packets could be used by physical close attackers to leak information from the kernel was fixed (bsc#1177725).\n\n - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381).\n\n - CVE-2020-25645: Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1177511).\n\nThe following non-security bugs were fixed :\n\n - 59c7c3caaaf8 ('nvme: fix possible hang when ns scanning fails during error recovery')\n\n - NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).\n\n - NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).\n\n - drm/sun4i: mixer: Extend regmap max_register (git-fixes).\n\n - ea43d9709f72 ('nvme: fix identify error status silent ignore')\n\n - i2c: meson: fix clock setting overwrite (git-fixes).\n\n - iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).\n\n - mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).\n\n - macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).\n\n - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685).\n\n - mmc: core: do not set limits.discard_granularity as 0 (git-fixes).\n\n - nvme-multipath: do not reset on unknown status (bsc#1174748).\n\n - nvme-rdma: Avoid double freeing of async event data (bsc#1174748).\n\n - nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748).\n\n - nvme: Namepace identification descriptor list is optional (bsc#1174748).\n\n - nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748).\n\n - nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748).\n\n - nvme: fix possible io failures when removing multipathed ns (bsc#1174748).\n\n - nvme: make nvme_identify_ns propagate errors back (bsc#1174748).\n\n - nvme: make nvme_report_ns_ids propagate error back (bsc#1174748).\n\n - nvme: pass status to nvme_error_status (bsc#1174748).\n\n - nvme: return error from nvme_alloc_ns() (bsc#1174748).\n\n - powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).\n\n - scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683).\n\n - scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683).\n\n - scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683).\n\n - scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683).\n\n - scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683).\n\n - scsi: hisi_sas: Do some more tidy-up (bsc#1140683).\n\n - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683).\n\n - scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh :\n\n - scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update :\n\n - scsi: hisi_sas: Some misc tidy-up (bsc#1140683).\n\n - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538).", "cvss3": {}, "published": "2020-10-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-1682)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12351", "CVE-2020-12352", "CVE-2020-25212", "CVE-2020-25645"], "modified": "2021-04-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1682.NASL", "href": "https://www.tenable.com/plugins/nessus/141514", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1682.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141514);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-12351\", \"CVE-2020-12352\", \"CVE-2020-25212\", \"CVE-2020-25645\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1682)\");\n script_summary(english:\"Check for the openSUSE-2020-1682 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-12351: A type confusion while processing AMP\n packets could be used by physical close attackers to\n crash the kernel or potentially execute code was fixed\n (bsc#1177724).\n\n - CVE-2020-12352: A stack information leak when handling\n certain AMP packets could be used by physical close\n attackers to leak information from the kernel was fixed\n (bsc#1177725).\n\n - CVE-2020-25212: A TOCTOU mismatch in the NFS client code\n could be used by local attackers to corrupt memory or\n possibly have unspecified other impact because a size\n check is in fs/nfs/nfs4proc.c instead of\n fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381).\n\n - CVE-2020-25645: Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt\n traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read\n the traffic unencrypted. The main threat from this\n vulnerability is to data confidentiality (bnc#1177511).\n\nThe following non-security bugs were fixed :\n\n - 59c7c3caaaf8 ('nvme: fix possible hang when ns scanning\n fails during error recovery')\n\n - NFS: On fatal writeback errors, we need to call\n nfs_inode_remove_request() (bsc#1177340).\n\n - NFS: Revalidate the file mapping on all fatal writeback\n errors (bsc#1177340).\n\n - drm/sun4i: mixer: Extend regmap max_register\n (git-fixes).\n\n - ea43d9709f72 ('nvme: fix identify error status silent\n ignore')\n\n - i2c: meson: fix clock setting overwrite (git-fixes).\n\n - iommu/vt-d: Correctly calculate agaw in domain_init()\n (bsc#1176400).\n\n - mac80211: do not allow bigger VHT MPDUs than the\n hardware supports (git-fixes).\n\n - macsec: avoid use-after-free in macsec_handle_frame()\n (git-fixes).\n\n - mm: memcg: switch to css_tryget() in\n get_mem_cgroup_from_mm() (bsc#1177685).\n\n - mmc: core: do not set limits.discard_granularity as 0\n (git-fixes).\n\n - nvme-multipath: do not reset on unknown status\n (bsc#1174748).\n\n - nvme-rdma: Avoid double freeing of async event data\n (bsc#1174748).\n\n - nvme: Fix ctrl use-after-free during sysfs deletion\n (bsc#1174748).\n\n - nvme: Namepace identification descriptor list is\n optional (bsc#1174748).\n\n - nvme: add a Identify Namespace Identification Descriptor\n list quirk (bsc#1174748).\n\n - nvme: fix deadlock caused by ANA update wrong locking\n (bsc#1174748).\n\n - nvme: fix possible io failures when removing multipathed\n ns (bsc#1174748).\n\n - nvme: make nvme_identify_ns propagate errors back\n (bsc#1174748).\n\n - nvme: make nvme_report_ns_ids propagate error back\n (bsc#1174748).\n\n - nvme: pass status to nvme_error_status (bsc#1174748).\n\n - nvme: return error from nvme_alloc_ns() (bsc#1174748).\n\n - powerpc/dma: Fix dma_map_ops::get_required_mask\n (bsc#1065729).\n\n - scsi: hisi_sas: Add debugfs ITCT file and add file\n operations (bsc#1140683).\n\n - scsi: hisi_sas: Add manual trigger for debugfs dump\n (bsc#1140683).\n\n - scsi: hisi_sas: Add missing seq_printf() call in\n hisi_sas_show_row_32() (bsc#1140683).\n\n - scsi: hisi_sas: Change return variable type in\n phy_up_v3_hw() (bsc#1140683).\n\n - scsi: hisi_sas: Correct memory allocation size for DQ\n debugfs (bsc#1140683).\n\n - scsi: hisi_sas: Do some more tidy-up (bsc#1140683).\n\n - scsi: hisi_sas: Fix a timeout race of driver internal\n and SMP IO (bsc#1140683).\n\n - scsi: hisi_sas: Fix type casting and missing static\n qualifier in debugfs code (bsc#1140683). Refresh :\n\n - scsi: hisi_sas: No need to check return value of\n debugfs_create functions (bsc#1140683). Update :\n\n - scsi: hisi_sas: Some misc tidy-up (bsc#1140683).\n\n - scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946\n bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Add SLER and PI control support\n (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946\n bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe\n devices (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Correct the check for sscanf() return\n value (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix I/O errors during LIP reset tests\n (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix I/O failures during remote port\n toggle testing (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946\n bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix buffer-buffer credit extraction error\n (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix crash on session cleanup with unload\n (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in\n qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in\n tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix inconsistent format argument type in\n qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix memory size truncation (bsc#1176946\n bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix point-to-point (N2N) device discovery\n issue (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946\n bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Honor status qualifier in FCP_RSP per\n spec (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Make tgt_port_database available in\n initiator mode (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Performance tweak (bsc#1176946\n bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Reduce duplicate code in reporting speed\n (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Remove unneeded variable 'rval'\n (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Setup debugfs entries for remote ports\n (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Update version to 10.02.00.102-k\n (bsc#1176946 bsc#1175520 bsc#1172538).\n\n - scsi: qla2xxx: Update version to 10.02.00.103-k\n (bsc#1176946 bsc#1175520 bsc#1172538).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177725\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12351\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.75.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.75.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:14", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-24490)A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14331)A missing CAP_NET_RAW check in NFC socket creation in netfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)perf:\n Fix race in perf_mmap_close function(CVE-2020-14351)A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.(CVE-2015-7837)A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-143560807(CVE-2020-0432)get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.(CVE-2020-25285)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7837", "CVE-2020-0432", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-24490", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2311.NASL", "href": "https://www.tenable.com/plugins/nessus/142148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142148);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2015-7837\",\n \"CVE-2020-0432\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14351\",\n \"CVE-2020-14386\",\n \"CVE-2020-24490\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-26088\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2311)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An information leak flaw\n was found in the way the Linux kernel's Bluetooth stack\n implementation handled initialization of stack memory\n when handling certain AMP packets. A remote attacker in\n adjacent range could use this flaw to leak small\n portions of stack memory on the system by sending a\n specially crafted AMP packets. The highest threat from\n this vulnerability is to data\n confidentiality.(CVE-2020-12352)A flaw was found in the\n way the Linux kernel Bluetooth implementation handled\n L2CAP packets with A2MP CID. A remote attacker in\n adjacent range could use this flaw to crash the system\n causing denial of service or potentially execute\n arbitrary code on the system by sending a specially\n crafted L2CAP packet. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-12351)A heap\n buffer overflow flaw was found in the way the Linux\n kernel's Bluetooth implementation processed extended\n advertising report events. This flaw allows a remote\n attacker in an adjacent range to crash the system,\n causing a denial of service or to potentially execute\n arbitrary code on the system by sending a specially\n crafted Bluetooth packet. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-24490)A flaw was found\n in the Linux kernel in versions before 5.9-rc7. Traffic\n between two Geneve endpoints may be unencrypted when\n IPsec is configured to encrypt traffic for the specific\n UDP port used by the GENEVE tunnel allowing anyone\n between the two endpoints to read the traffic\n unencrypted. The main threat from this vulnerability is\n to data confidentiality.(CVE-2020-25645)A flaw was\n found in the Linux kernel's implementation of the\n invert video code on VGA consoles when a local attacker\n attempts to resize the console, calling an ioctl\n VT_RESIZE, which causes an out-of-bounds write to\n occur. This flaw allows a local user with access to the\n VGA console to crash the system, potentially escalating\n their privileges on the system. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-14331)A missing CAP_NET_RAW\n check in NFC socket creation in netfc/rawsock.c in the\n Linux kernel before 5.8.2 could be used by local\n attackers to create raw sockets, bypassing security\n mechanisms, aka CID-26896f01467a.(CVE-2020-26088)perf:\n Fix race in perf_mmap_close function(CVE-2020-14351)A\n flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)A flaw\n was found in the HDLC_PPP module of the Linux kernel in\n versions before 5.9-rc7. Memory corruption and a read\n overflow is caused by improper input validation in the\n ppp_cp_parse_cr function which can cause the system to\n crash or cause a denial of service. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-25643)The Linux kernel, as used\n in Red Hat Enterprise Linux 7, kernel-rt, and\n Enterprise MRG 2 and when booted with UEFI Secure Boot\n enabled, allows local users to bypass intended\n securelevel/secureboot restrictions by leveraging\n improper handling of secure_boot flag across kexec\n reboot.(CVE-2015-7837)A flaw was found in the Linux\n kernel's implementation of biovecs in versions before\n 5.9-rc7. A zero-length biovec request issued by the\n block subsystem could cause the kernel to enter an\n infinite loop, causing a denial of service. This flaw\n allows a local attacker with basic privileges to issue\n requests to a block device, resulting in a denial of\n service. The highest threat from this vulnerability is\n to system availability.(CVE-2020-25641)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)In skb_to_mamac of\n networking.c, there is a possible out of bounds write\n due to an integer overflow. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID:\n A-143560807(CVE-2020-0432)get_gate_page in mm/gup.c in\n the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows\n privilege escalation because of incorrect reference\n counting (caused by gate page mishandling) of the\n struct page that backs the vsyscall page. The result is\n a refcount underflow. This can be triggered by any\n 64-bit process that can use ptrace() or\n process_vm_readv(), aka\n CID-9fa2dd946743.(CVE-2020-25285)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2311\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d2e51dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h874.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:58", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed.(CVE-2020-0427)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function in spk_ttyio.c.(CVE-2020-27830)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.(CVE-2020-0466)\n\n - In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.(CVE-2020-27068)\n\n - use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.(CVE-2020-28941)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)\n\n - race condition in fg_console can lead to use-after-free in con_font_op.(CVE-2020-25668)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)\n\n - An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - There is a memory leak in perf_event_parse_addr_filter.(CVE-2020-25704)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8694)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets.\n The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)\n\n - A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)\n\n - A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)\n\n - In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-143560807(CVE-2020-0432)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452..(CVE-2020-25212)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-14385)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel(CVE-2020-0404)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-0466", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-15437", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-26088", "CVE-2020-27068", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27830", "CVE-2020-28915", "CVE-2020-28941", "CVE-2020-28974", "CVE-2020-29368", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-8694"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1642.NASL", "href": "https://www.tenable.com/plugins/nessus/147690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147690);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-0466\",\n \"CVE-2020-8694\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-15437\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-26088\",\n \"CVE-2020-27068\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27830\",\n \"CVE-2020-28915\",\n \"CVE-2020-28941\",\n \"CVE-2020-28974\",\n \"CVE-2020-29368\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1642)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In create_pinctrl of core.c, there is a possible out of\n bounds read due to a use after free. This could lead to\n local information disclosure with no additional\n execution privileges needed.(CVE-2020-0427)\n\n - NULL-ptr deref in the spk_ttyio_receive_buf2() function\n in spk_ttyio.c.(CVE-2020-27830)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c,\n there is a possible use after free due to a logic\n error. This could lead to local escalation of privilege\n with no additional execution privileges\n needed.(CVE-2020-0466)\n\n - In the nl80211_policy policy of nl80211.c, there is a\n possible out of bounds read due to a missing bounds\n check. This could lead to local information disclosure\n with System execution privileges\n needed.(CVE-2020-27068)\n\n - use-after-free read in sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c.(CVE-2020-25669)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in\n drivers/accessibility/speakup/spk_ttyio.c in the Linux\n kernel through 5.9.9. Local attackers on systems with\n the speakup driver could cause a local denial of\n service attack, aka CID-d41227544427. This occurs\n because of an invalid free when the line discipline is\n used more than once.(CVE-2020-28941)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A flaw in the way reply ICMP packets are limited in the\n Linux kernel functionality was found that allows to\n quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source\n port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this\n issue.(CVE-2020-25705)\n\n - race condition in fg_console can lead to use-after-free\n in con_font_op.(CVE-2020-25668)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in the Linux kernel through\n 5.9.1, as used with Xen through 4.14.x. Guest OS users\n can cause a denial of service (host OS hang) via a high\n rate of events to dom0, aka\n CID-e99502f76271.(CVE-2020-27673)\n\n - An issue was discovered in __split_huge_pmd in\n mm/huge_memory.c in the Linux kernel before 5.7.5. The\n copy-on-write implementation can grant unintended write\n access because of a race condition in a THP mapcount\n check, aka CID-c444eb564fb1.(CVE-2020-29368)\n\n - An issue was discovered in the Linux kernel through\n 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel\n removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL\n pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized\n device, aka CID-073d0552ead5.(CVE-2020-27675)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - There is a memory leak in\n perf_event_parse_addr_filter.(CVE-2020-25704)\n\n - Insufficient access control in the Linux kernel driver\n for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via\n local access.(CVE-2020-8694)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - An information leak flaw was found in the way the Linux\n kernel's Bluetooth stack implementation handled\n initialization of stack memory when handling certain\n AMP packets. A remote attacker in adjacent range could\n use this flaw to leak small portions of stack memory on\n the system by sending a specially crafted AMP packets.\n The highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-12352)\n\n - A flaw was found in the way the Linux kernel Bluetooth\n implementation handled L2CAP packets with A2MP CID. A\n remote attacker in adjacent range could use this flaw\n to crash the system causing denial of service or\n potentially execute arbitrary code on the system by\n sending a specially crafted L2CAP packet. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-12351)\n\n - A missing CAP_NET_RAW check in NFC socket creation in\n net/nfc/rawsock.c in the Linux kernel before 5.8.2\n could be used by local attackers to create raw sockets,\n bypassing security mechanisms, aka\n CID-26896f01467a.(CVE-2020-26088)\n\n - A flaw was found in the Linux kernel's implementation\n of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could\n cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker\n with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest\n threat from this vulnerability is to system\n availability.(CVE-2020-25641)\n\n - In skb_to_mamac of networking.c, there is a possible\n out of bounds write due to an integer overflow. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-143560807(CVE-2020-0432)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452..(CVE-2020-25212)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A\n failure of the file system metadata validator in XFS\n can cause an inode with a valid, user-creatable\n extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise\n rendered inaccessible until it is remounted, leading to\n a denial of service. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14385)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)\n\n - The rbd block device driver in drivers/block/rbd.c in\n the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which\n could be leveraged by local attackers to map or unmap\n rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A memory out-of-bounds read flaw was found in the Linux\n kernel before 5.9-rc2 with the ext3/ext4 file system,\n in the way it accesses a directory with broken\n indexing. This flaw allows a local user to crash the\n system if the directory exists. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-14314)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1642\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fbd2c64\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.2.h314.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.2.h314.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:14:26", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0878 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:0878)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2020-24394", "CVE-2020-25212", "CVE-2020-29661"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-0878.NASL", "href": "https://www.tenable.com/plugins/nessus/147842", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0878. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147842);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-24394\",\n \"CVE-2020-25212\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0878\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:0878)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0878 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n - kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1869141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(367, 416, 667, 732);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-14351', 'CVE-2020-24394', 'CVE-2020-25212', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0878');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.70.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.70.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:15", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3717-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3717-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143860);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3717-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25668: Fixed a concurrency use-after-free in con_font_op\n(bsc#1178123).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter()\n(bsc#1178393).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-25705: Fixed an issue which could have allowed to quickly\nscan open UDP ports. This flaw allowed an off-path remote user to\neffectively bypassing source port UDP randomization (bsc#1175721).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178838\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=927455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25704/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25705/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203717-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9106a420\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3717=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-3717=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.54.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.54.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:57", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1437 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. (CVE-2019-19448)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. (CVE-2020-12888)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. (CVE-2020-26088)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2020-1437)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19448", "CVE-2020-12888", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-14390", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-26088"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1437.NASL", "href": "https://www.tenable.com/plugins/nessus/141961", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1437.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141961);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-19448\",\n \"CVE-2020-12888\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-14390\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-26088\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1437\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2020-1437)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1437 advisory.\n\n - In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some\n operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in\n fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to\n a right data structure. (CVE-2019-19448)\n\n - The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory\n space. (CVE-2020-12888)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-\n bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled out. (CVE-2020-14390)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\n - A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length\n biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a\n denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block\n device, resulting in a denial of service. The highest threat from this vulnerability is to system\n availability. (CVE-2020-25641)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2\n could be used by local attackers to create raw sockets, bypassing security mechanisms, aka\n CID-26896f01467a. (CVE-2020-26088)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1437.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-26088\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-19448\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2019-19448\", \"CVE-2020-12888\", \"CVE-2020-14314\", \"CVE-2020-14331\", \"CVE-2020-14390\", \"CVE-2020-25212\", \"CVE-2020-25284\", \"CVE-2020-25285\", \"CVE-2020-25641\", \"CVE-2020-25643\", \"CVE-2020-25645\", \"CVE-2020-26088\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1437\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-i686-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-devel-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-headers-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-debuginfo-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'kernel-tools-devel-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.200-116.320.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'perf-debuginfo-4.14.200-116.320.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:23", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724).\n\n - CVE-2020-24490: Fixed a heap buffer overflow when processing extended advertising report events aka 'BleedingTooth' aka 'BadVibes' (bsc#1177726).\n\n - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' aka 'BadChoice' (bsc#1177725).\n\n - CVE-2020-25212: A TOCTOU mismatch in the NFS client code in the Linux kernel could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452 (bnc#1176381).\n\n - CVE-2020-25645: Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confid

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)

Description

Related